From: "Kristian Rask" <krask@isupport.dk>
To: freebsd-net@freebsd.org
Date: Thu, 13 Nov 2003 09:05:11 +0100
Subject: multiple VLAN's public IP's and NATd's : HowTo ?
List-Id: Networking and TCP/IP with FreeBSD

Hi all

How would one go about running several instances of natd with unique public IP's for several VLAN's terminated on the same interface?

The idea being that multiple separate RFC-1918 networks are terminated as VLANs in the FreeBSD machine and that each VLAN goes through a separate natd instance in order to NAT on a particular public IP.

1. House full of businesses (here shown with 5/8)
2. Each business has its own LAN
3. Each LAN goes into a switch where the port is configured as a particular LAN
4. The switch is connected to a FreeBSD machine with a set of VLAN's matching those in the separate businesses
5. There should be 1 instance of natd running for each VLAN
6. Each natd uses separate public IP's
7. WAN statically configured using a /30
8. /29 net for 5/8 separate natd's (a.b.c.0/29) routed to the WAN
9. possibly "ifconfig SomePhysIf0 a.b.c.1/29"

I think for 5 IP's it would be something like:

    # one natd per VLAN, each listening on its own divert port and
    # aliasing to its own public address (-a); note that natd's -n flag
    # takes an interface name, so it is left out when -a is given
    for i in 2 3 4 5 6; do
        natd -port 100${i} \
             -f /etc/natd_${i}.conf \
             -a a.b.c.${i}
    done

    # one divert rule per natd instance; what goes in place of the "...."
    # is exactly the open question
    for i in 2 3 4 5 6; do
        ipfw add divert 100${i} all .... (from VLAN-if | VLAN-CIDR | ... ?) to any ... (in via VLAN-if | out via WAN-if | .... ?)
    done

I *assume* I need to configure the /29 somewhere.
I *suspect* that I can do something "weird" and actually use all 8 IP's ... perhaps configure the 8 IP's as aliases on lo?

We will have more than a few addresses in order to be able to deliver routable addresses if anyone so requests, like a /26 of which we use a /28 for permanent IP's and can deliver 6 /29's for the few who actually need a routable network.

Anyone has any experiences or hints / pointers?

TIA and regards
Kristian aka The eternal newbie
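A worked version of the per-VLAN natd and ipfw divert setup sketched in the post, added here as an example and not the poster's own configuration. It assumes placeholder values the post does not give: WAN interface em0, VLAN i carrying 192.168.i.0/24, and the public block a.b.c.0/29 with .i assigned to VLAN i; with DRY_RUN=1 (the default) it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not the poster's configuration: one natd instance per VLAN,
# each aliasing to its own public IP, with ipfw divert rules that select the
# right instance by direction and address so tenants' traffic never mixes.
# Assumptions (placeholders, not from the post): WAN interface em0,
# VLAN i carries 192.168.i.0/24, public block a.b.c.0/29 with .i per VLAN.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them as root.
DRY_RUN=${DRY_RUN:-1}
WAN_IF=${WAN_IF:-em0}
PUBLIC_NET=${PUBLIC_NET:-a.b.c}        # first three octets of the /29

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# nat_for_vlan <i> <private-cidr>: natd on divert port 100<i> aliasing to
# <PUBLIC_NET>.<i>, plus two ipfw rules numbered 100<i> so all divert rules
# sit together ahead of the later allow/deny rules. natd is started first so
# that no packet is diverted to a port nobody is listening on.
nat_for_vlan() {
    i=$1; lan=$2
    port=100$i
    pub=$PUBLIC_NET.$i
    run natd -port "$port" -f "/etc/natd_$i.conf" -a "$pub"
    # outbound: only this VLAN's private range, only as it leaves via the WAN
    run ipfw add "$port" divert "$port" ip from "$lan" to any out via "$WAN_IF"
    # inbound: only traffic addressed to this VLAN's public IP, arriving on WAN
    run ipfw add "$port" divert "$port" ip from any to "$pub" in via "$WAN_IF"
}

# Five tenants on VLANs 2..6 (constructed sample mapping).
for i in 2 3 4 5 6; do
    nat_for_vlan "$i" "192.168.$i.0/24"
done
```

Because each pair of divert rules is keyed on that VLAN's private source range and on its own public destination address, no tenant's packets can be aliased through another tenant's public IP.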