From owner-freebsd-net@FreeBSD.ORG Sat Feb 21 18:55:47 2015
From: Konstantin Kulikov
Date: Sat, 21 Feb 2015 22:55:26 +0400
Subject: Re: NAT question
To: Mason Loring Bliss
Cc: freebsd-net@freebsd.org
In-Reply-To: <20150221020818.GY24491@blisses.org>
List-Id: Networking and TCP/IP with FreeBSD

Hello.

ipfw nat 1 config ip 1.2.3.4
ipfw nat 2 config ip 1.2.3.5
ipfw nat 3 config ip 1.2.3.6

ipfw add nat 1 ip from 4.5.6.7/32 to any out via $ext
ipfw add nat 2 ip from 4.5.6.0/24 to any out via $ext
ipfw add nat 3 ip from 8.9.0.0/24 to any out via $ext

ipfw add nat 1 ip from any to 1.2.3.4 in via $ext
ipfw add nat 2 ip from any to 1.2.3.5 in via $ext
ipfw add nat 3 ip from any to 1.2.3.6 in via $ext

Should work (untested though).

As for your dnat question, I think you want the redirect_addr nat option.

On Sat, Feb 21, 2015 at 5:08 AM, Mason Loring Bliss wrote:
> Hi all.
>
> With iptables, I can say something like:
>
> -t nat -A POSTROUTING -o eth0 -s 4.5.6.7/32 -d 0/0 -j SNAT --to-source 1.2.3.4
> -t nat -A POSTROUTING -o eth0 -s 4.5.6.0/24 -d 0/0 -j SNAT --to-source 1.2.3.5
> -t nat -A POSTROUTING -o eth0 -s 8.9.0.0/24 -d 0/0 -j SNAT --to-source 1.2.3.6
>
> So, traffic going out from 4.5.6.7 goes into the world sourced from 1.2.3.4,
> whereas the rest of 4.5.6/24 goes as 1.2.3.5, and all of 8.9.0/24 comes out
> from 1.2.3.6.
>
> I don't see how to do this with IPFW. I assume there's some way to do it with
> the GENERIC kernel, so I'm assuming natd is deprecated, as it requires a
> custom kernel, as far as I can see.
>
> How do I accomplish this with IPFW? Or do I need to use PF for this? Or are
> those independent of the NAT after all and I want to use something else? If
> that's the case, does it require natd and a custom kernel, or is there
> something that works with a GENERIC kernel? (This will be 10.1, FWIW.)
>
> Thanks.
>
> --
> Love is a snowmobile racing across the tundra and then suddenly it
> flips over, pinning you underneath. At night, the ice weasels come.
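
An added example, not part of the original thread: a small sh function that prints the ipfw commands from the reply above for a table of source prefix to public address mappings, sorting the longest prefix first so the 4.5.6.7/32 rule is always numbered ahead of the 4.5.6.0/24 rule that contains it. The interface name em0, the base rule number 1000 and the NAT_MAP variable are assumptions; the script only prints commands and applies nothing.

```shell
#!/bin/sh
# Added example, not from the original thread. Prints ipfw NAT commands for a
# "source prefix -> public address" table; it does not touch the firewall.

# Constructed table using the addresses from the thread, deliberately listed
# out of order to show that the generator fixes the ordering.
NAT_MAP='4.5.6.0/24 1.2.3.5
8.9.0.0/24 1.2.3.6
4.5.6.7/32 1.2.3.4'

# gen_nat_rules IFACE [BASE_RULE_NUMBER]
#   IFACE             external interface (assumption: em0 in the call below)
#   BASE_RULE_NUMBER  first ipfw rule number to use (assumption: 1000)
gen_nat_rules() {
    ext=$1
    base=${2:-1000}
    printf '%s\n' "$NAT_MAP" |
    # Keep only well-formed "a.b.c.d/len addr" lines and put the prefix
    # length in front so it can be used as the sort key.
    awk 'NF == 2 {
             n = split($1, p, "/")
             if (n == 2 && p[2] ~ /^[0-9]+$/ && p[2] + 0 <= 32)
                 print p[2], $1, $2
         }' |
    # Longest prefix first: ipfw walks rules in ascending rule number, so a
    # /32 must be tested before the /24 that also matches the same host.
    LC_ALL=C sort -k1,1nr |
    awk -v ext="$ext" -v base="$base" '{
        inst = NR                       # one nat instance per public address
        num  = base + (NR - 1) * 20     # explicit, gapped rule numbers
        printf "ipfw nat %d config ip %s\n", inst, $3
        printf "ipfw add %d nat %d ip from %s to any out via %s\n", num, inst, $2, ext
        printf "ipfw add %d nat %d ip from any to %s in via %s\n", num + 10, inst, $3, ext
    }'
}

# Print the rule set for review; pipe to sh only after checking it.
gen_nat_rules "${1:-em0}"
```

On a GENERIC kernel the in-kernel NAT used here needs the ipfw_nat module, which the rc scripts load when firewall_nat_enable="YES" is set alongside firewall_enable="YES" in rc.conf.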