From owner-freebsd-pf@FreeBSD.ORG Mon Oct 25 15:59:48 2004
From: "Lawrence Farr"
To: "'Aled Treharne'"
Date: Mon, 25 Oct 2004 16:59:44 +0100
Message-Id: <20041025155946.4043068377@gunfright.epcdirect.co.uk>
Subject: RE: NAT with IP != primary external IP
List-Id: Technical discussion and general questions about packet filter (pf)

> -----Original Message-----
> From: owner-freebsd-pf@freebsd.org
> [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Aled Treharne
> Sent: 23 October 2004 12:15
> To: freebsd-pf@freebsd.org
> Subject: NAT with IP != primary external IP
>
> Hi guys.
>
> I'm trying to set up a firewall on a box for a friend. The arrangement is
> fairly simple, bunch of machines behind the FBSD box, FBSD box connected to
> ADSL. What I'd like to do (because I wanted to in the first place, and now
> it's annoying me) is to have 2 IPs on the external i/f on the FBSD box, and
> have one as the machine's primary IP and t'other solely as the NAT IP. I've
> tried putting various IPs in the places that make sense to me, but I just
> couldn't get it to work[1].
>
> Is this possible, and if so, would someone be so kind as to tell me how? I'm
> trying to move over to pf from ipfw, and if I can get it working, I've got a
> strong case for using it at work as well.
>
> Thanks in advance for your sage advice. :)
>
> Cheers,
> Aled.
>
> [1] This is just one place where I prefer Linux's eth0:alias1 type labelling
> of sub-interfaces over FreeBSD's just-put-multiple-ips-on-one-interface way.

I use the following:

ext_ipa="1.2.3.4"
ext_ipb="1.2.3.5"
net_if="fxp0"

table { 7.8.9.0/24, 4.5.6.0/24 }

nat on $net_if from to any -> $ext_ipb

So traffic matching gets sent out via $ext_ipb, all other traffic
comes out on $ext_ipa.

Regards,

Lawrence Farr
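
A fuller pf.conf fragment for the setup discussed in this thread, added here as an example and not part of either poster's message. The table name `<nat_via_b>`, the alias netmask and the catch-all second rule are assumptions; the addresses and interface name are the placeholders used in the reply.

```pf
# /etc/pf.conf fragment (FreeBSD pf "nat on" syntax, as used in the reply)
#
# Prerequisite, /etc/rc.conf: the NAT address must be configured on the
# external interface as an alias, otherwise replies addressed to 1.2.3.5
# never reach this host. Netmask shown is an assumption for a same-subnet alias:
#   ifconfig_fxp0_alias0="inet 1.2.3.5 netmask 255.255.255.255"

ext_ipa = "1.2.3.4"      # primary address, used by the firewall itself
ext_ipb = "1.2.3.5"      # alias address, used only as a NAT source
net_if  = "fxp0"         # external interface

# Source networks whose traffic should leave via the alias address.
# The table name is hypothetical; pf requires one in angle brackets.
table <nat_via_b> { 7.8.9.0/24, 4.5.6.0/24 }

# Translation rules are evaluated first-match, so the specific rule
# must come before the catch-all.
nat on $net_if from <nat_via_b> to any -> $ext_ipb

# Everything else that is not sourced from the interface's own addresses
# is translated to the primary address. ($net_if) expands to all addresses
# on fxp0, so the firewall's own traffic is left untranslated.
nat on $net_if from !($net_if) to any -> $ext_ipa

# Checks after editing:
#   pfctl -nf /etc/pf.conf        parse only, report syntax errors
#   pfctl -f  /etc/pf.conf        load the ruleset
#   pfctl -s nat                  list the loaded translation rules in order
#   pfctl -t nat_via_b -T show    list the table contents
#   pfctl -s state                confirm the translated source address
#                                 on live connections
```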