Look at PF if you're running FreeBSD 5/6. You can do this easily and it's well documented. IMO it's a lot more functional and usable than ipfw and definitely has better documentation.

http://www.openbsd.org/faq/pf/index.html - *most* of the features in the OpenBSD FAQ cover the FreeBSD port.



Greg Barniskis wrote:

Ted Mittelstaedt wrote:

I've never done it but I think you can run multiple nat instances
and multiple divert sockets, you will have to specify them in the
config file to natd, though.


Excellent. That's what I was hoping for. So instead of one "divert natd" rule in ipfw, I simply need "divert N", "divert N+1", "divert N+2", etc. where N is a port number where I bound my first natd, N+1 the next natd instance, etc. I think I can manage that.

If it were me, though, I would try to
setup multiple FreeBSD boxes, not only does that give you some
redundancy, but it makes troubleshooting a lot easier.


Thanks, but we're talking about a need for somewhere between 54 and 216 distinct NAT<->subnet instances, maybe more. I really need a solution for one host, two NICs, that compares favorably to providing this functionality with a PIX.


Ted

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Greg Barniskis
Sent: Friday, February 17, 2006 8:43 AM
To: freebsd-questions
Subject: question on NAT for multiple subnets


I'm sure I could figure this out from scrutinizing Google, the FreeBSD documentation, and testing in a lab, but I'm particularly pressed for time on finding the right answer to this.

For a long time we've been quite happy coalescing all private IP client requests onto a single public IP address through NAT. Management now wants more granularity, at least one unique public IP per private subnet.

Can I set up a single ipfw box that examines client source ip addrs and provides different public NAT addrs for each private client subnet?

Any pointers to the best way to think about this issue much appreciated. If the answer is ipfw doesn't handle this, but some other fw does, fine, I just need to know which. Thanks!


--
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348
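
The per-subnet mapping asked about in this thread, written for the PF suggested in the reply, as an added example that is not part of any poster's message. The interface name `em0`, the function names and every address are constructed assumptions; reuse of a public address is rejected because the stated requirement is one unique public IP per private subnet.

```shell
#!/bin/sh
# Added example: emit pf.conf NAT rules, one public address per private subnet.
# All names and addresses are constructed samples (RFC 1918 / RFC 5737 ranges).

# sample_map: constructed "private_subnet public_ip" table (hypothetical data).
sample_map() {
    cat <<'EOF'
# private subnet   public NAT address
10.1.0.0/24  192.0.2.11
10.2.0.0/24  192.0.2.12
10.3.0.0/24  192.0.2.13
EOF
}

# gen_pf_nat EXT_IF: reads the table on stdin, writes pf.conf text on stdout.
# Returns 1 on a malformed line, a repeated subnet, or a reused public IP.
gen_pf_nat() {
    ext_if=$1
    seen_nets=" " seen_ips=" "
    rules=""
    while read -r net ip extra; do
        case $net in ''|'#'*) continue ;; esac      # skip blanks and comments
        if [ -z "$ip" ] || [ -n "$extra" ]; then
            echo "malformed line: $net $ip $extra" >&2; return 1
        fi
        case $net in */*) ;; *) echo "not CIDR: $net" >&2; return 1 ;; esac
        case $seen_nets in *" $net "*) echo "duplicate subnet: $net" >&2; return 1 ;; esac
        case $seen_ips in *" $ip "*) echo "public IP reused: $ip" >&2; return 1 ;; esac
        seen_nets="$seen_nets$net " seen_ips="$seen_ips$ip "
        # \$ext_if stays literal so pf expands its own macro at load time.
        rules="${rules}nat on \$ext_if from $net to any -> $ip
"
    done
    printf 'ext_if = "%s"\n%s' "$ext_if" "$rules"
}

# Demo: print the generated ruleset for the constructed table.
sample_map | gen_pf_nat em0
```

Each public address in the table must also be reachable on the external interface (for example configured as an alias) for return traffic to arrive.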