From owner-freebsd-net@FreeBSD.ORG Fri Jul 21 17:14:27 2006
Date: Fri, 21 Jul 2006 11:13:47 -0600
From: Brett Glass <brett@lariat.net>
To: net@freebsd.org
Subject: Multiple NAT router
Message-Id: <7.0.1.0.2.20060721105813.0971ae90@lariat.net>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
List-Id: Networking and TCP/IP with FreeBSD

I have an application in which I'd like a FreeBSD router to have multiple, isolated LANs attached to it, each with the same address space. The FreeBSD box would take the place of multiple NAT routers.

For example, I might want to have three internal Ethernet interfaces on the FreeBSD box. Each would be connected to a LAN whose internal addresses are 192.168.0.0/24. The FreeBSD box would do NAT for all of them, and of course they could not "see" one another.

The alternatives, of course, would be to install multiple NAT routers -- which would be a waste -- or to number the LANs differently. But the organization for which I'm doing this wants everything about each LAN to be absolutely standard (printers at the same static addresses, etc.) so that their IT guys can walk in and know exactly how everything's numbered.

Is it possible to do a "hydra-headed" router such as this with FreeBSD? I'm not sure that FreeBSD's natd is equipped to sort incoming packets for multiple, identically numbered LANs properly, because it would have to remember interface names as well as addresses. Also, there would be the question of how one would connect inward to the machines on the LANs, since "ping 192.168.0.100" would be ambiguous. (Perhaps one could do it from a jail. In fact, perhaps the virtual NAT routers could be set up in jails....)

--Brett Glass
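The poster's concern that a NAT would "have to remember interface names as well as addresses" can be made concrete with a small simulation. The following is an added example, not code from the original message or from FreeBSD's natd: a toy NAT translation table that can be keyed either on (address, port) alone or on (ingress interface, address, port). Two hosts with the identical address 192.168.0.100 on two separate LANs (assumed interface names fxp1 and fxp2 behind an assumed external interface fxp0; the public and server addresses are constructed documentation-range values) each open a connection, and the example shows which interface the reply is delivered to in each mode.

```python
"""Toy NAT state table: why overlapping LANs need per-interface state.

Added illustration only; it models translation state, not FreeBSD's natd.
Interface names and addresses below are constructed for the example.
"""
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.1"   # constructed public address (TEST-NET-3)
EXT_IFACE = "fxp0"          # assumed external interface name


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    iface: str   # interface the packet arrived on


class Nat:
    """Port-translating NAT with a pluggable state key."""

    def __init__(self, key_on_iface: bool):
        self.key_on_iface = key_on_iface
        self.out = {}         # inside key -> allocated public port
        self.back = {}        # public port -> (ingress iface, src, sport)
        self.next_port = 40000

    def _key(self, pkt: Packet):
        inside = (pkt.src, pkt.sport)
        # With overlapping LANs only the ingress interface disambiguates
        # two hosts that carry the same private address.
        return (pkt.iface,) + inside if self.key_on_iface else inside

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a LAN -> Internet packet, allocating state if new."""
        key = self._key(pkt)
        if key not in self.out:
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[port] = (pkt.iface, pkt.src, pkt.sport)
        return Packet(PUBLIC_IP, self.out[key], pkt.dst, pkt.dport, EXT_IFACE)

    def inbound(self, pkt: Packet):
        """Reverse-translate a reply; return (delivery iface, packet) or None."""
        entry = self.back.get(pkt.dport)
        if entry is None:
            return None                     # no state: drop, as a NAT would
        iface, src, sport = entry
        return iface, Packet(pkt.src, pkt.sport, src, sport, EXT_IFACE)


def demo(key_on_iface: bool):
    """Two identically numbered hosts on two LANs; where do replies go?"""
    nat = Nat(key_on_iface)
    server = "198.51.100.7"                 # constructed remote server
    lan_a = Packet("192.168.0.100", 5000, server, 80, "fxp1")
    lan_b = Packet("192.168.0.100", 5000, server, 80, "fxp2")
    ta = nat.outbound(lan_a)
    tb = nat.outbound(lan_b)
    # The server answers each translated port it saw.
    reply_a = Packet(server, 80, PUBLIC_IP, ta.sport, EXT_IFACE)
    reply_b = Packet(server, 80, PUBLIC_IP, tb.sport, EXT_IFACE)
    return nat.inbound(reply_a)[0], nat.inbound(reply_b)[0]


if __name__ == "__main__":
    print("address-only state:", demo(False))   # both replies land on fxp1
    print("per-interface state:", demo(True))   # ('fxp1', 'fxp2')
```

With address-only state the second LAN's flow silently reuses the first LAN's entry, so its replies are delivered to the wrong LAN; keying on the ingress interface keeps the two flows apart. The simulation covers only the translation table. The routing problem the poster also raises (a single kernel route for 192.168.0.0/24 cannot pick among three interfaces for an inbound "ping 192.168.0.100") is a separate matter that per-flow NAT state alone does not solve.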