From owner-freebsd-questions Tue Feb 15 19:37: 2 2000 Delivered-To: freebsd-questions@freebsd.org Received: from tetron02.tetronsoftware.com (ftp.tetronsoftware.com [208.236.46.106]) by builder.freebsd.org (Postfix) with ESMTP id CAC314698 for ; Tue, 15 Feb 2000 19:32:41 -0800 (PST) Received: from tetron02.tetronsoftware.com (tetron02.tetronsoftware.com [208.236.46.106]) by tetron02.tetronsoftware.com (8.9.3/8.9.3) with ESMTP id VAA01532; Tue, 15 Feb 2000 21:32:19 -0600 (CST) (envelope-from zeus@tetronsoftware.com) Date: Tue, 15 Feb 2000 21:32:19 -0600 (CST) From: Gene Harris To: Remnants Cc: FreeBSD Qs Subject: Re: ipfw / natd + outgoing source address? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 15 Feb 2000, Remnants wrote: > Maybe I'm just missing something in the man pages, but is there any way > to change the source address used for _outgoing_ connections from the > inside of a NAT to one of the external interface's aliases using ipfw / > natd? Something like ... > > ( lan ) tun0 tun1 ( aliases ) > > 192.168.0.1 ---+---> [-----] -------> 172.16.0.21 > 192.168.0.2 ---+---> | | -------> 172.16.0.22 > 192.168.0.3 ---+---> | nat | -------> 172.16.0.23 > 192.168.0.4 ---+ | | > 192.168.0.5 ---' [-----] > > ... so that requests originating from 192.168.0.1 would appear to the > outside world as coming from 172.16.0.21, 192.168.0.2 as 172.16.0.22, > and everything else on the inside as 172.16.0.23. I don't think you want to use ipfw to do this. I believe that you accomplish this by using static nat. If the man pages for natd are correct, you implement the translation scheme by repeatedly applying the -redirect_address option for each static translation that you wish to implement. You will probably want to investigate using a natd.conf file for this: redirect_address 192.168.0.1 172.16.0.21 redirect_address 192.168.0.2 172.16.0.22 The man page concentrated on the incoming part of the translation, but there is a hint near the end of the discussion on -redirect_address about outgoing addresses as well. If freebsd implements full, two-way static nat, then this is the option that should do it. I hope this helps, Gene > > I see from the ipfilter docs and how-to that it appears to support this > kind of functionality via its map directive, but I'd rather not have to > switch. > > Many thanks in advance. > > r. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > *==============================================* *Gene Harris http://www.tetronsoftware.com* * Home of TeamAccess version control for * * Microsoft Office 97 and 2000 * * FreeBSD 3.4-STABLE - The Power to Serve * * Redhat 6.1 Secure Web Server * *==============================================* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message