Date: Tue, 20 Jun 2000 21:22:06 +0200 (SAST)
From: Sean Greven <sgreven@cyber.za.net>
To: freebsd-questions@freebsd.org
Subject: natd - static and dynamic
Message-ID: <Pine.BSF.4.21.0006202056550.50910-100000@storm.cyber.za.net>
As a service provision organisation, we have a need to run natd as a service for users inside our network. Since we make use of private address space we need to translate outbound sessions to certain IP addresses. The only problem here is that the overload address cannot be an alias address on the outside interface or the outside interface address, since scale is an issue and binding to all the alias addresses causes problems, as well as the fact that certain addresses are permitted certain privileges through the firewalls of our peering networks.

We also have a need for static addressing, so that we can "mirror" our customers' internal hosts to "virtual" (public) IP addresses. We currently do this with Cisco IP Plus software on our routers with success; however, it would suit us to run this on our BSD platforms.

I have managed to configure this using the following command along with setting up proxy arp and routing rules:

    natd -m -s -n fxp0 -f natd.conf

and natd.conf contains:

    #static mappings
    redirect_address 10.1.1.1 (public_address1)
    redirect_address 10.1.230.111 (public_address2)
    .....etc...

    #dynamic mappings
    redirect_address 10.3.3.1 (public_address254)
    redirect_address 10.3.3.2 (public_address254)
    redirect_address 10.5.7.16 (public_address254)
    ......etc....etc....

The problem here is the lack of a netmask or prefix setting for the overloading of a large range of addresses.

On 3.4-RELEASE I tested KAME and it had a kernel based NAT called SuMiTe, which worked very well if one used the pma utility to define your NAT pools. However, the KAME project code has been largely incorporated into 4.0-RELEASE and it seems as if SuMiTe has done a disappearing act out of both the BSD code base as well as the KAME SNAP release for 4.0.

Is it possible to get natd to emulate this behavior in any way? Any help would be appreciated.

All opinions expressed in this E-Mail are my own unless otherwise indicated, and are in no way to be affiliated with the opinions of SITA pty ltd.
Sean Greven
Network Consultant / Security Consultant
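The prefix-based overload the poster is missing can be approximated outside natd by generating the repeated redirect_address lines from a prefix instead of typing them by hand. The Python script below is an added example, not code from the original post or from FreeBSD's natd. It assumes only the `redirect_address <private> <public>` line syntax shown in the message; the mappings in it are constructed for illustration, with 192.0.2.0/24 (the RFC 5737 documentation range) standing in for real public addresses. It also refuses a host that appears both in a static mapping and in a pool, so that which public address a host is actually translated to never depends on how natd orders two competing entries.

```python
import ipaddress
import sys

# Example mappings, constructed for this illustration only.
STATIC = [
    ("10.1.1.1", "192.0.2.1"),        # one private host -> one public address
    ("10.1.230.111", "192.0.2.2"),
]
POOLS = [
    ("10.3.3.0/30", "192.0.2.254"),   # every host in the prefix -> one overload address
    ("10.5.7.16/32", "192.0.2.254"),  # a single host can be written as a /32
]


def expand_hosts(prefix):
    """Return the host addresses covered by an IPv4 prefix.

    /31 and /32 have no separate network/broadcast address, so every
    address in them is a host; shorter prefixes skip the first and last.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    if net.prefixlen >= 31:
        return list(net)
    return list(net.hosts())


def natd_redirects(static, pools):
    """Build natd.conf redirect_address lines for static and pooled mappings.

    Raises ValueError if a host is listed twice (statically, or statically
    and inside a pool), so each host has exactly one public address.
    """
    lines = []
    seen = {}  # private host -> public address already assigned
    lines.append("# static mappings: one private host -> one public address")
    for private, public in static:
        priv = ipaddress.ip_address(private)
        ipaddress.ip_address(public)  # validates the address syntax
        if priv in seen:
            raise ValueError(f"{priv} mapped twice (already -> {seen[priv]})")
        seen[priv] = public
        lines.append(f"redirect_address {priv} {public}")
    lines.append("# dynamic mappings: every host in the prefix shares one overload address")
    for prefix, overload in pools:
        ipaddress.ip_address(overload)
        for host in expand_hosts(prefix):
            if host in seen:
                raise ValueError(f"{host} in pool {prefix} is also mapped -> {seen[host]}")
            seen[host] = overload
            lines.append(f"redirect_address {host} {overload}")
    return lines


if __name__ == "__main__":
    # Write to stdout so the result can be reviewed before being put in natd.conf.
    sys.stdout.write("\n".join(natd_redirects(STATIC, POOLS)) + "\n")
```

Because every host in a pool shares a single public address, connection logs seen from outside can only be tied back to an internal host through natd's own state, so keeping the generated file under version control alongside the static entries makes that attribution reproducible later.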