From: Chuck Swiger
Organization: The Courts of Chaos
Date: Wed, 15 Feb 2006 22:16:19 -0500
To: Andrew Pantyukhin
Cc: FreeBSD Questions
Subject: Re: natd with several alias IPs
Message-ID: <43F3EE83.6060702@mac.com>

Andrew Pantyukhin wrote:
> I wonder, what tricks do you use to use more than
> one alias IP? I mean, if you have hundreds of
> hosts behind your firewall, what can you do to alias
> some of them to one ip, others to another and so on.

See "man natd" about the following options for 1-to-1 NAT translation, which can
be put into /etc/natd.conf and processed automagically when the machine boots:

     -redirect_address localIP publicIP
             Redirect traffic for public IP address to a machine on the
             local network.  This function is known as static NAT.
             Normally static NAT is useful if your ISP has allocated a
             small block of IP addresses to you, but it can even be used
             in the case of single address:

                   redirect_address 10.0.0.8 0.0.0.0

             The above command would redirect all incoming traffic to
             machine 10.0.0.8.

             If several address aliases specify the same public address
             as follows

                   redirect_address 192.168.0.2 public_addr
                   redirect_address 192.168.0.3 public_addr
                   redirect_address 192.168.0.4 public_addr

             the incoming traffic will be directed to the last translated
             local address (192.168.0.4), but outgoing traffic from the
             first two addresses will still be aliased to appear from the
             specified public_addr.

     -redirect_address localIP[,localIP[,...]] publicIP
             These forms of -redirect_port and -redirect_address are used
             to transparently offload network load on a single server and
             distribute the load across a pool of servers.  This function
             is known as LSNAT (RFC 2391).  For example, the argument

                   tcp www1:http,www2:http,www3:http www:http

             means that incoming HTTP requests for host www will be
             transparently redirected to one of the www1, www2 or www3,
             where a host is selected simply on a round-robin basis,
             without regard to load on the net.

--
-Chuck
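
Added example, not part of the original message or of the natd documentation: a Python check that reads the redirect_address lines of a natd.conf and reports, per public address, which local hosts share it and which host receives new inbound traffic under the last-entry rule quoted above. The sample config, its addresses and the function names are constructed for illustration; numeric addresses only are assumed.

```python
import ipaddress

# Constructed sample natd.conf; every address here is illustrative.
SAMPLE_CONF = """\
# group A shares one alias address
redirect_address 192.168.0.2 203.0.113.10
redirect_address 192.168.0.3 203.0.113.10
redirect_address 192.168.0.4 203.0.113.10   # last entry: gets inbound
# group B uses a second alias address
redirect_address 192.168.1.2 203.0.113.11
# LSNAT pool form (comma-separated local addresses)
redirect_address 192.168.2.2,192.168.2.3 203.0.113.12
"""

def parse_redirect_address(conf_text):
    """Return [(local_ips, public_ip), ...] in file order."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if fields[0].lstrip("-") != "redirect_address":
            continue                             # other natd options are ignored
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: want 'redirect_address localIP publicIP'")
        local_ips = fields[1].split(",")
        for addr in local_ips + [fields[2]]:
            ipaddress.ip_address(addr)           # ValueError on a malformed address
        rules.append((local_ips, fields[2]))
    return rules

def exposure(conf_text):
    """Per public IP: 'mapped' = every local host that names it,
    'inbound' = host(s) that receive new incoming traffic for it."""
    report = {}
    for local_ips, public in parse_redirect_address(conf_text):
        entry = report.setdefault(public, {"mapped": [], "inbound": []})
        for ip in local_ips:
            if ip not in entry["mapped"]:
                entry["mapped"].append(ip)
        # Man page text: the last translated local address gets the inbound
        # traffic; a pool line shares it round-robin. Letting a later line
        # override an earlier pool line is an assumption of this sketch.
        entry["inbound"] = list(local_ips)
    return report

if __name__ == "__main__":
    for public, info in exposure(SAMPLE_CONF).items():
        print(public, "mapped:", info["mapped"], "inbound:", info["inbound"])
```

The "inbound" column is the one to review against the firewall rules: for each public address it names the internal host that is actually reachable from outside.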