From: Darren Reed (Reply-To: darrenr@freebsd.org)
Organization: FreeBSD
Date: Wed, 06 Jun 2012 06:29:29 +1000
To: hgcheng@berkeley.edu
Cc: freebsd-net@freebsd.org
Subject: NAT with Port-block Allocation in FreeBSD?
Message-ID: <4FCE6C29.3070903@freebsd.org>
List-Id: Networking and TCP/IP with FreeBSD

In IPFilter, the "map-block" ipnat rule serves exactly the purpose that you are looking for. It provides address translation of network addresses for N:M and uses ports to multiplex them in. Thus a /16 can be nat'd to a /8 with the other 8 bits used in the port number. The results of the NAT'd packets are such that if you are given an external IP address and port number, you can calculate which internal IP address was used without having to know what was the currently active state of the machine.

A typical rule might look like this:

map-block le0 10.0.0.0/16 -> 203.1.1.0/24 ports auto

Darren
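The property described above, that an external (address, port) pair identifies the internal host with no lookup in the NAT state table, is what makes port-block NAT attractive for log attribution and incident response: an upstream firewall log or abuse report can be mapped back to the source host after the fact. The following is an added example, not IPFilter's own allocator and not code from the mail: it models the rule quoted above (10.0.0.0/16 to 203.1.1.0/24, 256 internal hosts per external address, so the low 8 host bits land in the port). The usable port range 1024-65535 and the way it is carved into equal blocks are assumptions made for this illustration.

```python
from __future__ import annotations
from ipaddress import IPv4Address, IPv4Network

# Constructed configuration mirroring the rule quoted in the mail:
#   map-block le0 10.0.0.0/16 -> 203.1.1.0/24 ports auto
INTERNAL = IPv4Network("10.0.0.0/16")
EXTERNAL = IPv4Network("203.1.1.0/24")

# Assumed usable external port range. How the blocks are laid out inside it
# is an assumption for this example, not IPFilter's actual algorithm.
PORT_LOW, PORT_HIGH = 1024, 65535

# 65536 internal hosts share 256 external addresses: 256 hosts per address,
# so the low 8 bits of the internal host part have to be carried in the port.
HOSTS_PER_EXT = INTERNAL.num_addresses // EXTERNAL.num_addresses   # 256
BLOCK_SIZE = (PORT_HIGH - PORT_LOW + 1) // HOSTS_PER_EXT            # 252


def port_block(internal_ip: str) -> tuple[str, int, int]:
    """Return (external_ip, first_port, last_port) reserved for one internal host."""
    ip = IPv4Address(internal_ip)
    if ip not in INTERNAL:
        raise ValueError(f"{internal_ip} is not inside {INTERNAL}")
    host_index = int(ip) - int(INTERNAL.network_address)      # 0 .. 65535
    ext_index, slot = divmod(host_index, HOSTS_PER_EXT)       # high 8 bits, low 8 bits
    ext_ip = EXTERNAL.network_address + ext_index
    first = PORT_LOW + slot * BLOCK_SIZE
    return str(ext_ip), first, first + BLOCK_SIZE - 1


def translate_out(internal_ip: str, offset: int) -> tuple[str, int]:
    """Outbound mapping: the NAT picks a free port inside the host's block.

    Here the caller supplies the offset within the block; a real NAT chooses it
    from its per-session state, but every choice stays inside the same block.
    """
    if not 0 <= offset < BLOCK_SIZE:
        raise ValueError("offset outside the host's port block")
    ext_ip, first, _ = port_block(internal_ip)
    return ext_ip, first + offset


def translate_in(external_ip: str, external_port: int) -> str:
    """Recover the internal address from the external (ip, port) alone.

    No state table is consulted: the external address gives the high 8 host
    bits and the port block gives the low 8 bits.
    """
    ip = IPv4Address(external_ip)
    if ip not in EXTERNAL:
        raise ValueError(f"{external_ip} is not inside {EXTERNAL}")
    if not PORT_LOW <= external_port <= PORT_HIGH:
        raise ValueError(f"port {external_port} is outside the NAT port range")
    ext_index = int(ip) - int(EXTERNAL.network_address)
    slot = (external_port - PORT_LOW) // BLOCK_SIZE
    return str(INTERNAL.network_address + ext_index * HOSTS_PER_EXT + slot)


if __name__ == "__main__":
    for host in ("10.0.3.7", "10.0.255.255"):
        ext, lo, hi = port_block(host)
        print(f"{host} -> {ext} ports {lo}-{hi}")
    # A constructed upstream log entry "src 203.1.1.3:2800" is attributed
    # without access to the NAT box's live state table:
    print(translate_in("203.1.1.3", 2800))   # 10.0.3.7
```

Because the mapping is a pure function of the configuration, the block assignment can be recomputed on any machine that knows the two prefixes and the port layout, which is exactly the stateless attribution the mail describes; the trade-off is that each internal host is limited to its block's worth of concurrent sessions.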