From owner-freebsd-net Fri Feb 2 10:19: 5 2001
Delivered-To: freebsd-net@freebsd.org
Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220])
	by hub.freebsd.org (Postfix) with ESMTP id 767B937B401
	for ; Fri, 2 Feb 2001 10:18:32 -0800 (PST)
Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!)
	by homer.softweyr.com with esmtp (Exim 3.16 #1)
	id 14OkvJ-0000A5-00; Fri, 02 Feb 2001 11:27:05 -0700
Message-ID: <3A7AFBF9.A2C7732F@softweyr.com>
Date: Fri, 02 Feb 2001 11:27:05 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: cgaylord@vt.edu
Cc: freebsd-net@freebsd.org
Subject: Re: (fwd) Re: FreeBSD ip masq, ip aliasing
References: <20010202151413.7756BFD@cgaylord.async.vt.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

cgaylord@vt.edu wrote:
>
> I recently posted this to comp.unix.bsd.misc and thought I'd go
> ahead and air this idea here. I'd appreciate any criticism,
> constructive or otherwise, this group would care to heap upon me.
>
> Thanks.
> Clark
>
> John M Cherko wrote:
> > I am confused as to how to accomplish ip aliasing/ip masqing (I
> > believe they are the same) on a FreeBSD system. I currently run Linux 2.2
> > now and have stuck with it because I know how to run ip masqing on it.
> > I have been wanting to switch over to a BSD, mainly FreeBSD because of the
>
> The way it works is via BSD's "divert" sockets. You have ipfw (or
> ipfirewall, if you like) divert traffic to natd. It is all spelled out
> very nicely in the natd man page. The other firewall config is done via
> ipfw. You will likely want to hack rc.firewall to suit your needs; this
> is a very readable script, so mods are pretty straight-forward. The
> SIMPLE method may work ok for you, though; read the script and see. I
> am working on a way to do a larger class of firewalls via rc.conf
> variables, but that still needs some work.
>
> man natd
> man ipfw
> man divert

Well said. Unfortunately, you didn't include Mr. Cherko's email so I
cannot reply to him as well.

You can also accomplish this using ipfilter and ipnat. Some of us prefer
ipfilter to ipfw, and ipfilter is available on other BSD systems as well.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters
Softweyr LLC
wes@softweyr.com
http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message