Date: Tue, 26 Oct 2004 14:23:55 +0900
From: Pyun YongHyeon <yongari@kt-is.co.kr>
To: Aled Treharne <aled@thinknuts.org>
Cc: freebsd-pf@freebsd.org
Subject: Re: NAT with IP != primary external IP
Message-ID: <20041026052355.GA4914@kt-is.co.kr>
In-Reply-To: <E1CLJsn-000K9Z-R4@mail.furrfu.net>
References: <E1CLJsn-000K9Z-R4@mail.furrfu.net>

On Sat, Oct 23, 2004 at 12:15:21PM +0100, Aled Treharne wrote:
> Hi guys.
>
> I'm trying to set up a firewall on a box for a friend. The arrangement is
> fairly simple, bunch of machines behind the FBSD box, FBSD box connected to
> ADSL. What I'd like to do (because I wanted to in the first place, and now
> it's annoying me) is to have 2 IPs on the external i/f on the FBSD box, and
> have one as the machine's primary IP and t'other solely as the NAT IP. I've
> tried putting various IPs in the places that make sense to me, but I just
> couldn't get it to work[1].
>

AFAIK, pf maintains a table for $interface and ($interface) is stored in a
<table>. If interface $interface has aliases, round-robin through them
would be performed automatically by pf. If you want to disable the automatic
round-robin in NAT you should tell pf not to do so.

For instance:

    nat on $interface inet from $internal_ips to any -> ($interface:0)

or

    nat on $interface inet from $internal_ips to any -> $interface:0

or specify an explicit IP address to use

    nat on $interface inet from $internal_ips to any -> $primary_ip

> Is this possible, and if so, would someone be so kind as to tell me how? I'm
> trying to move over to pf from ipfw, and if I can get it working, I've got a
> strong case for using it at work as well.
>
> Thanks in advance for your sage advice. :)
>
> Cheers,
> Aled.
>
> [1] This is just one place where I prefer linux's eth0:alias1 type labelling
> of sub-interfaces over FreeBSD's just-put-multiple-ips-on-one-interface way.
>

-- 
Regards,
Pyun YongHyeon
http://www.kr.freebsd.org/~yongari | yongari@freebsd.org
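
The reply above pins NAT to the primary address; the pf.conf fragment below, an added example that is not part of the original message, applies the same explicit-address form to the alias address, which is the arrangement the original question asked for. The interface name, macro names and all addresses are constructed placeholders.

```conf
# Constructed example: fxp0 and every address below are placeholders
# (documentation and private ranges), not values from the thread.
ext_if  = "fxp0"            # external interface carrying both addresses
int_net = "192.168.1.0/24"  # internal network behind the firewall
host_ip = "192.0.2.10"      # primary address, used by the box itself
nat_ip  = "192.0.2.11"      # alias address reserved for NAT

# Form the reply warns about: with aliases on $ext_if, the translation
# address rotates round-robin across the primary and alias addresses.
# nat on $ext_if inet from $int_net to any -> ($ext_if)

# Form from the reply: ":0" drops the aliases, so only the primary
# address is used for translation.
# nat on $ext_if inet from $int_net to any -> ($ext_if:0)

# Pinned to the alias: an explicit address, as in the reply's third
# rule, but naming the secondary address instead of the primary one.
nat on $ext_if inet from $int_net to any -> $nat_ip

# Check before loading:   pfctl -nf /etc/pf.conf
# Inspect loaded rules:   pfctl -s nat
```

With the rule pinned this way, translated client traffic and the firewall's own services are attributable to different external addresses in upstream logs.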