Date: Sat, 18 Feb 2006 13:49:10 -0800
From: "Rob Connon (Info)" <rob.info@vfs.com>
To: Greg Barniskis <gregb@scls.lib.wi.us>
Cc: freebsd-questions <freebsd-questions@freebsd.org>, Ted Mittelstaedt <tedm@toybox.placo.com>
Subject: Re: question on NAT for multiple subnets
Message-ID: <43F79656.7090309@vfs.com>
In-Reply-To: <43F61258.6000604@scls.lib.wi.us>
References: <LOBBIFDAGNMAMLGJJCKNIEGLFDAA.tedm@toybox.placo.com> <43F61258.6000604@scls.lib.wi.us>
Look at PF if you're running FreeBSD 5/6. - You can do this easily and it's well documented. IMO it's a lot more functional and usable over ipfw and definitely better documentation.

http://www.openbsd.org/faq/pf/index.html - *most* of the features in the OpenBSD FAQ cover the FreeBSD port.

Greg Barniskis wrote:

> Ted Mittelstaedt wrote:
>
>> I've never done it but I think you can run multiple nat instances
>> and multiple divert sockets, you will have to specify them in the
>> config file to natd, though.
>
> Excellent. That's what I was hoping for. So instead of one "divert
> natd" rule in ipfw, I simply need "divert N", "divert N+1", "divert
> N+2", etc. where N is a port number where I bound my first natd, N+1
> the next natd instance, etc. I think I can manage that.
>
>> If it were me, though, I would try to
>> setup multiple FreeBSD boxes, not only does that give you some
>> redundancy, but it makes troubleshooting a lot easier.
>
> Thanks, but we're talking about a need for somewhere between 54 and
> 216 distinct NAT<->subnet instances, maybe more. I really need a
> solution for one host, two NICs, that compares favorably to providing
> this functionality with a PIX.
>
>> Ted
>>
>>> -----Original Message-----
>>> From: owner-freebsd-questions@freebsd.org
>>> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Greg Barniskis
>>> Sent: Friday, February 17, 2006 8:43 AM
>>> To: freebsd-questions
>>> Subject: question on NAT for multiple subnets
>>>
>>> I'm sure I could figure this out from scrutinizing Google, the
>>> FreeBSD documentation, and testing in a lab, but I'm particularly
>>> pressed for time on finding the right answer to this.
>>>
>>> For a long time we've been quite happy coalescing all private IP
>>> client requests onto a single public IP address through NAT.
>>> Management now wants more granularity, at least one unique public IP
>>> per private subnet.
>>>
>>> Can I set up a single ipfw box that examines client source ip addrs
>>> and provides different public NAT addrs for each private client subnet?
>>>
>>> Any pointers to the best way to think about this issue much
>>> appreciated. If the answer is ipfw doesn't handle this, but some
>>> other fw does, fine, I just need to know which. Thanks!
>>>
>>> --
>>> Greg Barniskis, Computer Systems Integrator
>>> South Central Library System (SCLS)
>>> Library Interchange Network (LINK)
>>> <gregb at scls.lib.wi.us>, (608) 266-6348
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43F79656.7090309>
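
The per-subnet NAT that the reply above says PF handles, as an added example that is not part of the original message: a small generator that turns a subnet-to-public-IP table into pf.conf `nat on` rules and rejects mappings that would put two subnets behind one address or let one rule shadow another. The interface name `em0` and every address are constructed placeholders (RFC 1918 and RFC 5737 ranges), and the function name is hypothetical.

```python
"""Generate pf.conf NAT rules mapping each private subnet to its own public IP.

Added illustration; the interface name and all addresses are constructed
(RFC 1918 / RFC 5737 ranges), not taken from the thread.
"""
import ipaddress

EXT_IF = "em0"  # assumed name of the public-facing NIC

# Constructed sample mapping: private subnet -> public address.
MAPPING = [
    ("10.1.0.0/24", "203.0.113.1"),
    ("10.2.0.0/24", "203.0.113.2"),
    ("10.3.0.0/24", "203.0.113.3"),
]


def build_nat_rules(mapping, ext_if=EXT_IF):
    """Return pf.conf lines; raise ValueError on a mapping that would
    merge two subnets behind one address or shadow a later rule."""
    nets, publics, rules = [], set(), []
    for subnet, public in mapping:
        net = ipaddress.ip_network(subnet)  # rejects entries with host bits set
        pub = ipaddress.ip_address(public)
        if not net.is_private:
            raise ValueError(f"{net} is not a private subnet")
        if pub in publics:
            raise ValueError(f"{pub} assigned to more than one subnet")
        for seen in nets:
            # pf translation rules are first-match, so an overlapping
            # earlier subnet would capture this subnet's traffic.
            if net.overlaps(seen):
                raise ValueError(f"{net} overlaps {seen}")
        nets.append(net)
        publics.add(pub)
        rules.append(f"nat on $ext_if from {net} to any -> {pub}")
    return [f'ext_if = "{ext_if}"'] + rules


if __name__ == "__main__":
    print("\n".join(build_nat_rules(MAPPING)))
```

The output can be checked with `pfctl -nf <file>`, which parses a ruleset without loading it.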