Date: Sun, 24 Jul 2005 13:33:25 -0400
From: John Nielsen <lists@jnielsen.net>
To: freebsd-ipfw@freebsd.org
Cc: vladone <vladone@spaingsm.com>
Subject: Re: Re[2]: divert to multiple public's IP
Message-ID: <200507241333.25647.lists@jnielsen.net>
In-Reply-To: <200507232102.16907.lists@jnielsen.net>
References: <1287099147.20050723221715@spaingsm.com> <177514506.20050724002537@spaingsm.com> <200507232102.16907.lists@jnielsen.net>

On Saturday 23 July 2005 09:02 pm, John Nielsen wrote:
> On Saturday 23 July 2005 05:25 pm, vladone wrote:
> > If I understand correctly, with redirect_address I can forward a given
> > public IP (commonly an alias on the public interface) to an internal IP
> > (private). I don't know if this is good for what I want.
> > A more exact description of what I want:
> > My private network is: 192.168.0.0/24
> > I have (example) public IPs: 1.1.1.1, 1.1.1.6 and 1.1.1.9
> > I want:
> > IPs: 192.168.0.1-20 out (translated) with 1.1.1.1
> > IPs: 192.168.0.21-30 out with 1.1.1.6
> > and so on.
>
> If you wanted a one-to-one mapping between public and private IPs, then
> you could use redirect_address. For what you describe above, though, the
> best approach may be to run multiple instances of natd and split up the
> traffic with ipfw.
>
> Sample setup--
>
> In /etc/services:
> natd 8668
> natd2 8669
> natd3 8670
>
> In a natd script (I don't think the rc scripts support multiple instances
> of natd):
> natd -a 1.1.1.1 -p natd
> natd -a 1.1.1.6 -p natd2
> natd -a 1.1.1.9 -p natd3
>
> And in an ipfw script:
> add divert natd3 all from 192.168.0.31,192.168.0.32,192.168.0.33 to any \
>     via ${external_interface}
> add skipto 10000 all from 192.168.0.31,192.168.0.32,192.168.0.33 to any \
>     via ${external_interface}
> add divert natd2 all from 192.168.0.21,192.168.0.22,192.168.0.23 to any \
>     via ${external_interface}
> add skipto 10000 all from 192.168.0.21,192.168.0.22,192.168.0.23 to any \
>     via ${external_interface}
> add divert natd all from any to any via ${external_interface}
> add 10000 allow all from any to any via lo0
> ...
>
> So you'd give a name to each divert port you want to use in /etc/services
> (8668 is already there), run an instance of natd for each external alias,
> and use comma-separated lists of IP addresses and skipto's in ipfw to
> direct the traffic appropriately. Notice that I made the last one a
> default rather than specifying its addresses explicitly. Depending on
> your needs you may want to do something similar.

On Sunday 24 July 2005 02:11 am, vladone wrote:
> Thanks John. This is what I want, and it works :)
> Thanks again!!!

It occurred to me you may also need rules for the other direction, a la:

add divert natd3 all from any to 1.1.1.9 via ${external_interface}

Can someone correct me if I'm wrong?

JN
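
The following is an added example, not part of the original message or of any FreeBSD script: a generator for the per-alias natd commands and ipfw divert rules discussed in this thread. It goes beyond the sample by expanding host ranges into comma-separated lists and by emitting an explicit rule for each direction of every group instead of a catch-all divert; the interface name ext0, the mapping table and the function names are assumptions.

```shell
#!/bin/sh
# Added example: one natd instance and one pair of ipfw divert rules per
# public alias. Assumes the divert port names (natd, natd2, natd3) are
# defined in /etc/services as described in the message.

EXT_IF="${EXT_IF:-ext0}"   # placeholder; set to the real external interface

# Constructed mapping: divert-port-name  public-alias  /24-prefix  first  last
MAPPING='natd  1.1.1.1 192.168.0 1  20
natd2 1.1.1.6 192.168.0 21 30
natd3 1.1.1.9 192.168.0 31 33'

# expand_range PREFIX FIRST LAST -> "PREFIX.FIRST,...,PREFIX.LAST"
expand_range() {
    prefix=$1 i=$2 last=$3 list=
    if [ "$i" -lt 1 ] || [ "$last" -gt 254 ] || [ "$i" -gt "$last" ]; then
        echo "bad host range: $2-$3" >&2
        return 1
    fi
    while [ "$i" -le "$last" ]; do
        list="${list:+$list,}$prefix.$i"
        i=$((i + 1))
    done
    echo "$list"
}

# natd_commands: one natd per alias, each listening on its own divert port
natd_commands() {
    echo "$MAPPING" | while read -r port alias _rest; do
        echo "natd -a $alias -p $port"
    done
}

# ipfw_rules: a group's outbound packets and the inbound packets addressed
# to its alias go to the same natd instance, because each instance keeps
# its own translation table. No catch-all divert is emitted.
ipfw_rules() {
    echo "$MAPPING" | while read -r port alias prefix first last; do
        hosts=$(expand_range "$prefix" "$first" "$last") || exit 1
        echo "add divert $port all from $hosts to any out via $EXT_IF"
        echo "add divert $port all from any to $alias in via $EXT_IF"
    done
}
```

The output of ipfw_rules is in the same "add ..." form as the sample script above and still needs the site's own allow/deny rules after it.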