Date: Sun, 22 Feb 2015 07:25:50 +0200 From: wishmaster <artemrts@ukr.net> To: k.kulikov2@gmail.com Cc: freebsd-net@freebsd.org, mason@blisses.org Subject: Re[2]: NAT question Message-ID: <1424582647.585579533.z0kl61ci@frv34.fwdcdn.com> In-Reply-To: <CAD%2BeXGQf-7Tehcdq7Wj70OE069pY933E91H2uNsbjHtp2Dx33A@mail.gmail.com> References: <20150221020818.GY24491@blisses.org> <CAD%2BeXGQf-7Tehcdq7Wj70OE069pY933E91H2uNsbjHtp2Dx33A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--- Original Message --- From: "Konstantin Kulikov" Date: 21 February 2015, 20:55:54 > Hello. > > ipfw nat 1 config ip 1.2.3.4 > ipfw nat 2 config ip 1.2.3.5 > ipfw nat 3 config ip 1.2.3.6 > ipfw add nat 1 ip from 4.5.6.7/32 to any out via $ext > ipfw add nat 2 ip from 4.5.6.0/24 to any out via $ext > ipfw add nat 3 ip from 8.9.0.0/24 to any out via $ext > ipfw add nat 1 ip from any to 1.2.3.4 in via $ext > ipfw add nat 2 ip from any to 1.2.3.5 in via $ext > ipfw add nat 3 ip from any to 1.2.3.6 in via $ext > > Should work (untested though). I think you should use nat global in case of topic starter. > As for your dnat questing I think you want redirect_addr nat option. > > On Sat, Feb 21, 2015 at 5:08 AM, Mason Loring Bliss wrote: > > Hi all. > > > > With iptables, I can say something like: > > > > -t nat -A POSTROUTING -o eth0 -s 4.5.6.7/32 -d 0/0 -j SNAT --to-source 1.2.3.4 > > -t nat -A POSTROUTING -o eth0 -s 4.5.6.0/24 -d 0/0 -j SNAT --to-source 1.2.3.5 > > -t nat -A POSTROUTING -o eth0 -s 8.9.0.0/24 -d 0/0 -j SNAT --to-source 1.2.3.6 > > > > So, traffic going out from 4.5.6.7 goes into the world sourced from 1.2.3.4, > > whereas the rest of 4.5.6/24 goes as 1.2.3.5, and all of 8.9.0/24 comes out > > from 1.2.3.6. > > > > I don't see how to do this with IPFW. I assume there's some way to do it with > > the GENERIC kernel, so I'm assuming natd is deprecated, as it requires a > > custom kernel, as far as I can see. > > > > How do I accomplish this with IPFW? Or do I need to use PF for this? Or are > > those independent of the NAT after all and I want to use something else? If > > that's the case, does it require natd and a custom kernel, or is there > > something that works with a GENERIC kernel? (This will be 10.1, FWIW.) > > > > Thanks. > > > > -- > > Love is a snowmobile racing across the tundra and then suddenly it > > flips over, pinning you underneath. At night, the ice weasels come. > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > From owner-freebsd-net@FreeBSD.ORG Mon Feb 23 06:54:57 2015 Return-Path: <owner-freebsd-net@FreeBSD.ORG> Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2C0B6955 for <freebsd-net@freebsd.org>; Mon, 23 Feb 2015 06:54:57 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [IPv6:2001:4f8:3:ffe0:406a:0:50:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0CC61384 for <freebsd-net@freebsd.org>; Mon, 23 Feb 2015 06:54:57 +0000 (UTC) Received: from phabric-backend.isc.freebsd.org (phabric-backend.isc.freebsd.org [127.0.1.5]) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9) with ESMTP id t1N6su4f064163 for <freebsd-net@freebsd.org>; Mon, 23 Feb 2015 06:54:56 GMT (envelope-from root@phabric-backend.isc.freebsd.org) Received: (from root@localhost) by phabric-backend.isc.freebsd.org (8.14.9/8.14.9/Submit) id t1N6sugG064162; Mon, 23 Feb 2015 06:54:56 GMT (envelope-from root) Date: Mon, 23 Feb 2015 06:54:56 +0000 To: freebsd-net@freebsd.org From: "rodrigc (Craig Rodrigues)" <phabric-noreply@FreeBSD.org> Subject: [Differential] [Changed Subscribers] D1944: PF and VIMAGE fixes Message-ID: <7a22162cd23273c5129eb3d02012bbe7@localhost.localdomain> X-Priority: 3 Thread-Topic: D1944: PF and VIMAGE fixes X-Herald-Rules: none X-Phabricator-To: <PHID-USER-cc3fb6vejhnh7xhqtpkr> X-Phabricator-To: <PHID-USER-ogl2udicsobdviqdulu3> X-Phabricator-To: <PHID-USER-2q5asccazp7ohcpzdm6o> X-Phabricator-Cc: <PHID-MLST-5lcr2rqsbmuavxbsw4mm> X-Phabricator-Cc: <PHID-MLST-c3bj6mfydtlqmuethodc> In-Reply-To: <differential-rev-PHID-DREV-clct73g5zt63yh3lvwzr-req@FreeBSD.org> References: <differential-rev-PHID-DREV-clct73g5zt63yh3lvwzr-req@FreeBSD.org> Thread-Index: NDc2NzM0MzY4OTdiYThiNTU1MjY2ZDZmMTJiIFTqzsA= X-Phabricator-Sent-This-Message: Yes X-Mail-Transport-Agent: MetaMTA X-Auto-Response-Suppress: All X-Phabricator-Mail-Tags: <differential-cc> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>; List-Post: <mailto:freebsd-net@freebsd.org> List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=subscribe> X-List-Received-Date: Mon, 23 Feb 2015 06:54:57 -0000 rodrigc added subscribers: freebsd-net, freebsd-pf. REVISION DETAIL https://reviews.freebsd.org/D1944 To: nvass-gmx.com, glebius, rodrigc Cc: freebsd-pf, freebsd-net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1424582647.585579533.z0kl61ci>