http://www.openbsd.org/faq/pf/index.html - *most* of the features in the OpenBSD FAQ cover the FreeBSD port.
Greg Barniskis wrote:
> Ted Mittelstaedt wrote:
>
> > I've never done it but I think you can run multiple nat instances and multiple divert sockets, you will have to specify them in the config file to natd, though.
>
> Excellent. That's what I was hoping for. So instead of one "divert natd" rule in ipfw, I simply need "divert N", "divert N+1", "divert N+2", etc. where N is a port number where I bound my first natd, N+1 the next natd instance, etc. I think I can manage that.
>
> > If it were me, though, I would try to setup multiple FreeBSD boxes, not only does that give you some redundancy, but it makes troubleshooting a lot easier.
>
> Thanks, but we're talking about a need for somewhere between 54 and 216 distinct NAT<->subnet instances, maybe more. I really need a solution for one host, two NICs, that compares favorably to providing this functionality with a PIX.
>
> > Ted
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Greg Barniskis
> > Sent: Friday, February 17, 2006 8:43 AM
> > To: freebsd-questions
> > Subject: question on NAT for multiple subnets
> >
> > I'm sure I could figure this out from scrutinizing Google, the FreeBSD documentation, and testing in a lab, but I'm particularly pressed for time on finding the right answer to this.
> >
> > For a long time we've been quite happy coalescing all private IP client requests onto a single public IP address through NAT. Management now wants more granularity, at least one unique public IP per private subnet.
> >
> > Can I set up a single ipfw box that examines client source ip addrs and provides different public NAT addrs for each private client subnet?
> >
> > Any pointers to the best way to think about this issue much appreciated. If the answer is ipfw doesn't handle this, but some other fw does, fine, I just need to know which.
> >
> > Thanks!
> >
> > --
> > Greg Barniskis, Computer Systems Integrator
> > South Central Library System (SCLS)
> > Library Interchange Network (LINK)
> > <gregb at scls.lib.wi.us>, (608) 266-6348
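The "divert N", "divert N+1" scheme discussed in the thread, sketched as an added example that is not from any of the posters: a small sh generator that prints one natd invocation and one pair of ipfw divert rules per private subnet, without executing anything. The interface name, rule numbers and addresses are assumptions (constructed sample values from documentation ranges), and the public addresses are assumed to already be configured as aliases on the external interface.

```shell
#!/bin/sh
# Added example: print (not run) the natd and ipfw commands for a
# one-public-address-per-private-subnet layout on a single host.

EXT_IF="em0"      # assumed external interface name
BASE_PORT=8668    # natd's default divert port, used as "N"
BASE_RULE=1000    # assumed first ipfw rule number

# Constructed sample mapping: "private-subnet public-address" per line.
MAPPINGS="192.168.1.0/24 203.0.113.1
192.168.2.0/24 203.0.113.2
192.168.3.0/24 203.0.113.3"

# gen_nat_rules "<mapping lines>"
# Prints three lines per mapping; returns 1 on a malformed line or when
# the divert port or rule number would leave the valid range.
gen_nat_rules() {
    i=0
    while read -r subnet public; do
        [ -n "$subnet" ] || continue
        if [ -z "$public" ]; then
            echo "malformed mapping: $subnet" >&2
            return 1
        fi
        port=$((BASE_PORT + i))
        rule=$((BASE_RULE + i * 10))
        if [ "$port" -gt 65535 ] || [ "$rule" -gt 65524 ]; then
            echo "out of range at mapping $((i + 1))" >&2
            return 1
        fi
        # One natd process per subnet, each bound to its own divert port.
        echo "natd -p $port -a $public"
        # Inbound replies to this public address go to the same instance.
        echo "ipfw add $rule divert $port ip from any to $public in via $EXT_IF"
        # Outbound traffic from this subnet is aliased by its own instance.
        echo "ipfw add $((rule + 5)) divert $port ip from $subnet to any out via $EXT_IF"
        i=$((i + 1))
    done <<EOF
$1
EOF
}

gen_nat_rules "$MAPPINGS"
```

Review the printed commands before applying them; each subnet's traffic should match exactly one outbound divert rule.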