Date: Sat, 21 Feb 2015 13:28:14 -0500
From: Mason Loring Bliss
To: "Paul A. Procacci"
Cc: freebsd-net@freebsd.org
Subject: Re: NAT question

On Sat, Feb 21, 2015 at 12:46:04AM -0500, Paul A. Procacci wrote:

> There is a section in ipfw(8) labeled: 'NETWORK ADDRESS TRANSLATION (NAT)'
> In that section it details how to bind a nat instance to an ip address.
> (Namely, the ip argument)

I'm not sure how I missed that there can be multiple NAT instances, seeing
that they're numbered. =cough=

> Then you can use ipfw to throw packets at whatever nat instance you want.

It looks like I do this with

    ipfw add nat all from to any

to tie to the external address I'll later specify with "config ip foo", if
I'm reading this correctly. It'll be easy enough to test.

Another question comes up - to do DNAT and pass inbound connections back to
different hosts depending on which external address is used, do I want to set
up something like

    ipfw add nat all from any to

...or do I want to do something with the "reverse" config element? The man
page is light on description for "reverse".

Anyway, thank you for orienting me.

-- 
Mason Loring Bliss   (( "In the drowsy dark cave of the mind dreams
mason@blisses.org     )) build their nest with fragments dropped
http://blisses.org/  (( from day's caravan." - Rabindranath Tagore