Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 15 Feb 2006 22:16:19 -0500
From:      Chuck Swiger <cswiger@mac.com>
To:        Andrew Pantyukhin <infofarmer@gmail.com>
Cc:        FreeBSD Questions <questions@freebsd.org>
Subject:   Re: natd with several alias IPs
Message-ID:  <43F3EE83.6060702@mac.com>
In-Reply-To: <cb5206420602151245j19b37f18g90b3a91fb71beb6d@mail.gmail.com>
References:  <cb5206420602151245j19b37f18g90b3a91fb71beb6d@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Andrew Pantyukhin wrote:
> I wonder, what tricks do you use to use more than
> one alias IP? I mean, if you have hundreds of
> hosts behind your firewall, what can you do to alias
> some of them to one ip, others to another and so on.

See "man natd" about the following options for 1-to-1 NAT translation, which can
be put into /etc/natd.conf and processed automagicly when the machine boots:

     -redirect_address localIP publicIP
                 Redirect traffic for public IP address to a machine on the
                 local network.  This function is known as static NAT.  Nor-
                 mally static NAT is useful if your ISP has allocated a small
                 block of IP addresses to you, but it can even be used in the
                 case of single address:

                       redirect_address 10.0.0.8 0.0.0.0

                 The above command would redirect all incoming traffic to
                 machine 10.0.0.8.

                 If several address aliases specify the same public address as
                 follows

                       redirect_address 192.168.0.2 public_addr
                       redirect_address 192.168.0.3 public_addr
                       redirect_address 192.168.0.4 public_addr

                 the incoming traffic will be directed to the last translated
                 local address (192.168.0.4), but outgoing traffic from the
                 first two addresses will still be aliased to appear from the
                 specified public_addr.

     -redirect_address localIP[,localIP[,...]] publicIP
                 These forms of -redirect_port and -redirect_address are used
                 to transparently offload network load on a single server and
                 distribute the load across a pool of servers.  This function
                 is known as LSNAT (RFC 2391).  For example, the argument

                       tcp www1:http,www2:http,www3:http www:http

                 means that incoming HTTP requests for host www will be trans-
                 parently redirected to one of the www1, www2 or www3, where a
                 host is selected simply on a round-robin basis, without
                 regard to load on the net.

-- 
-Chuck

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43F3EE83.6060702>