Date: Sat, 18 Feb 2006 13:49:10 -0800
From: "Rob Connon (Info)" <rob.info@vfs.com>
To: Greg Barniskis <gregb@scls.lib.wi.us>
Cc: freebsd-questions <freebsd-questions@freebsd.org>, Ted Mittelstaedt <tedm@toybox.placo.com>
Subject: Re: question on NAT for multiple subnets
Message-ID: <43F79656.7090309@vfs.com>
In-Reply-To: <43F61258.6000604@scls.lib.wi.us>
References: <LOBBIFDAGNMAMLGJJCKNIEGLFDAA.tedm@toybox.placo.com> <43F61258.6000604@scls.lib.wi.us>
Look at PF if you're running FreeBSD 5/6. You can do this easily and it's well documented. IMO it's a lot more functional and usable over ipfw and definitely better documentation.

http://www.openbsd.org/faq/pf/index.html - *most* of the features in the OpenBSD faq cover the freebsd port.

Greg Barniskis wrote:
> Ted Mittelstaedt wrote:
>
>> I've never done it but I think you can run multiple nat instances
>> and multiple divert sockets, you will have to specify them in the
>> config file to natd, though.
>
> Excellent. That's what I was hoping for. So instead of one "divert
> natd" rule in ipfw, I simply need "divert N", "divert N+1", "divert
> N+2", etc. where N is a port number where I bound my first natd, N+1
> the next natd instance, etc. I think I can manage that.
>
>> If it were me, though, I would try to
>> set up multiple FreeBSD boxes, not only does that give you some
>> redundancy, but it makes troubleshooting a lot easier.
>
> Thanks, but we're talking about a need for somewhere between 54 and
> 216 distinct NAT<->subnet instances, maybe more. I really need a
> solution for one host, two NICs, that compares favorably to providing
> this functionality with a PIX.
>
>> Ted
>>
>>> -----Original Message-----
>>> From: owner-freebsd-questions@freebsd.org
>>> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Greg Barniskis
>>> Sent: Friday, February 17, 2006 8:43 AM
>>> To: freebsd-questions
>>> Subject: question on NAT for multiple subnets
>>>
>>> I'm sure I could figure this out from scrutinizing Google, the
>>> FreeBSD documentation, and testing in a lab, but I'm particularly
>>> pressed for time on finding the right answer to this.
>>>
>>> For a long time we've been quite happy coalescing all private IP
>>> client requests onto a single public IP address through NAT.
>>> Management now wants more granularity, at least one unique public IP
>>> per private subnet.
>>>
>>> Can I set up a single ipfw box that examines client source ip addrs
>>> and provides different public NAT addrs for each private client subnet?
>>>
>>> Any pointers to the best way to think about this issue much
>>> appreciated. If the answer is ipfw doesn't handle this, but some
>>> other fw does, fine, I just need to know which. Thanks!
>>>
>>> --
>>> Greg Barniskis, Computer Systems Integrator
>>> South Central Library System (SCLS)
>>> Library Interchange Network (LINK)
>>> <gregb at scls.lib.wi.us>, (608) 266-6348
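The approach Greg and Ted sketch above (one natd per public address, each on its own divert port, with ipfw "divert N", "divert N+1", ... rules) is shown below as an added example; it is not code from the thread or from FreeBSD's own documentation. The interface name em0, the private subnets and the public addresses are constructed sample values; the script only emits the natd and ipfw commands rather than running them, so it can be reviewed on any host and applied on the FreeBSD box as root. Two points a practitioner will want that the thread leaves implicit: the inbound divert rule for each instance has to match on the public address that instance aliases to, or reply packets reach the wrong natd and are silently untranslatable; and natd's -deny_incoming keeps unsolicited packets to a public address from being passed through when no translation-table entry exists.

```shell
#!/bin/sh
# Added example: per-subnet NAT on one ipfw host, one natd instance per
# public address. Interface, subnets and public addresses are constructed.
EXT_IF=em0
BASE_PORT=8668      # natd's default divert port; instance k gets BASE_PORT+k
BASE_RULE=1000      # first ipfw rule number; each subnet takes a block of 10

# Constructed mapping, one "private-subnet public-address" pair per line.
NAT_MAP='10.1.0.0/24 203.0.113.11
10.2.0.0/24 203.0.113.12
10.3.0.0/24 203.0.113.13'

# Sanity check before anything is applied: two subnets aliased to the same
# public address would make the inbound divert rule ambiguous. Returns 0
# when every public address appears once, 1 otherwise.
map_is_sane() {
    dupes=$(printf '%s\n' "$NAT_MAP" | awk 'NF == 2 { print $2 }' | sort | uniq -d)
    [ -z "$dupes" ]
}

# Emit, for every mapping line:
#   - the natd start-up command, bound to its own divert port and alias
#     address, dropping inbound packets with no translation entry;
#   - an outbound divert rule keyed on the private source subnet;
#   - an inbound divert rule keyed on the public destination address,
#     so replies return to the same natd that created the entry.
nat_rules() {
    port=$BASE_PORT
    rule=$BASE_RULE
    printf '%s\n' "$NAT_MAP" | while read -r subnet pub; do
        [ -n "$subnet" ] || continue
        printf 'natd -p %s -a %s -deny_incoming\n' "$port" "$pub"
        printf 'ipfw add %s divert %s ip from %s to any out via %s\n' \
            "$rule" "$port" "$subnet" "$EXT_IF"
        printf 'ipfw add %s divert %s ip from any to %s in via %s\n' \
            "$((rule + 1))" "$port" "$pub" "$EXT_IF"
        port=$((port + 1))
        rule=$((rule + 10))
    done
}

# Number of natd instances the mapping implies (one per subnet).
instance_count() {
    nat_rules | grep -c '^natd '
}

# Stand-alone use: print the commands only if the mapping is consistent.
# Apply on the FreeBSD host with:  sh this_script.sh | sh
map_is_sane && nat_rules
```

With the mapping above the three instances land on ports 8668, 8669 and 8670 with rule pairs 1000/1001, 1010/1011 and 1020/1021; the per-instance rule gap leaves room for the usual allow/deny rules in between. The PF alternative Rob points to needs none of the port bookkeeping: one `nat on em0 from 10.1.0.0/24 to any -> 203.0.113.11` line per subnet in pf.conf does the same job inside a single state table.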
