Date: Tue, 12 Jun 2007 08:04:51 +0100
From: "Greg Hennessy" <Greg.Hennessy@nviz.net>
To: <freebsd-questions@freebsd.org>, "'freebsd-pf'" <freebsd-pf@freebsd.org>
Subject: RE: how 2 address&port map outbound traffic to multiple/different IPs on a single intfc?
Message-ID: <000301c7acbf$f8bac830$ea305890$@Hennessy@nviz.net>
In-Reply-To: <70f41ba20706111920x2e9e2d71ma2bcb3dd074daa60@mail.gmail.com>
References: <70f41ba20706111920x2e9e2d71ma2bcb3dd074daa60@mail.gmail.com>

> so, i think i'm in the right ballpark with *nat of some sort, but how
> do i get this done correctly?
>

There's a number of ways to do this.

Add the extra addresses as aliases to the internet facing interface.

E.g.

gw2:~ # cat /etc/rc.early /etc/rc.conf | egrep -i 'outside|alias' | sed -e .....
/sbin/ifconfig rue0 name outside
network_interfaces="lo0 outside inside"
ifconfig_outside="inet xx.yy.zz.251 netmask 0xfffffff8 up"
ifconfig_outside_alias0="inet xx.yy.zz.252 netmask 0xffffffff"
ifconfig_outside_alias1="inet xx.yy.zz.253 netmask 0xffffffff"

Or.

If you have control of the upstream router from your firewall add static routes for either the entire cidr block or /32 host routes for each address in the /29 you control. The routes should point to the external address of the firewall.

Greg
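
Added example, not part of the original message or written by its author: a pf.conf translation section that sends selected outbound traffic out through the alias addresses configured above. The inside network 192.168.0.0/24, the hosts 192.168.0.10 and 192.168.0.20, and the choice of SMTP as the mapped port are assumptions for illustration; the xx.yy.zz.* addresses are the masked placeholders from the message and must be replaced with real ones before the file will parse.

```conf
# pf.conf fragment (added example; internal addresses are assumed, not from the thread)

ext_if    = "outside"           # interface name set by "ifconfig rue0 name outside"
int_net   = "192.168.0.0/24"    # assumed inside network
mail_host = "192.168.0.10"      # assumed internal mail host
app_host  = "192.168.0.20"      # assumed internal host with its own public address

# Translation rules are evaluated first-match, so the most specific
# rules go first and the catch-all goes last.

# Outbound SMTP from the mail host is sourced from alias0.
nat on $ext_if inet proto tcp from $mail_host to any port 25 -> xx.yy.zz.252

# All outbound traffic from app_host is sourced from alias1.
nat on $ext_if inet from $app_host to any -> xx.yy.zz.253

# Everything else from the inside network uses the primary address.
# The :0 modifier keeps the aliases out of the translation pool.
nat on $ext_if inet from $int_net to any -> ($ext_if:0)
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -sn` lists the translation rules that are active after a load.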