From: "Greg Hennessy"
To: "'freebsd-pf'"
Date: Tue, 12 Jun 2007 08:04:51 +0100
Subject: RE: how 2 address&port map outbound traffic to multiple/different IPs on a single intfc?

> so, i think i'm in the right ballpark with *nat of some sort, but how
> do i get this done correctly?

There's a number of ways to do this.

Add the extra addresses as aliases to the internet facing interface.

E.g

gw2:~ # cat /etc/rc.early /etc/rc.conf | egrep -i 'outside|alias' | sed -e .....
/sbin/ifconfig rue0 name outside
network_interfaces="lo0 outside inside"
ifconfig_outside="inet xx.yy.zz.251 netmask 0xfffffff8 up"
ifconfig_outside_alias0="inet xx.yy.zz.252 netmask 0xffffffff"
ifconfig_outside_alias1="inet xx.yy.zz.253 netmask 0xffffffff"

Or.

If you have control of the upstream router from your firewall add static
routes for either the entire cidr block or /32 host routes for each address
in the /29 you control. The routes should point to the external address of
the firewall.

Greg
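
The following pf.conf fragment is an added example, not part of the original message: it shows how the aliased addresses above could then be used as per-host and per-port source NAT targets. The interface names and the masked xx.yy.zz.251-.253 addresses come from the message; the internal network, hosts and port are assumptions chosen for illustration.

```conf
# /etc/pf.conf fragment (added example, pf translation syntax as used on FreeBSD)
# "outside" and xx.yy.zz.251-.253 are taken from the message above; the
# addresses are masked there, so substitute the real ones before loading.
# The internal network, hosts and port below are assumptions.
ext_if   = "outside"
int_net  = "192.168.1.0/24"     # assumed internal network
mail_srv = "192.168.1.10"       # assumed internal host
app_host = "192.168.1.20"       # assumed internal host

ext_main = "xx.yy.zz.251"       # primary address on the interface
ext_a0   = "xx.yy.zz.252"       # ifconfig_outside_alias0
ext_a1   = "xx.yy.zz.253"       # ifconfig_outside_alias1

# Translation rules are first-match, so the most specific rule goes first.
# Outbound SMTP from the mail server leaves with alias0 as its source.
nat on $ext_if inet proto tcp from $mail_srv to any port 25 -> $ext_a0
# All other traffic from the second host leaves with alias1 as its source.
nat on $ext_if inet from $app_host to any -> $ext_a1
# Everything else from the internal network uses the primary address.
nat on $ext_if inet from $int_net to any -> $ext_main

# Checks after editing:
#   pfctl -nf /etc/pf.conf   parse the ruleset without loading it
#   pfctl -sn                list the loaded translation rules
#   pfctl -ss                state table, showing the translated source address
```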