Multiple NAT router

. at babolo.ru . at babolo.ru
Mon Jul 24 00:55:54 UTC 2006 

> I have an application in which I'd like a FreeBSD router to have 
> multiple, isolated LANS attached to it, each with the same address 
> space. The FreeBSD box would take the place of multiple NAT routers.
> 
> For example, I might want to have three internal Ethernet 
> interfaces on the FreeBSD box. Each would be connected to a LAN 
> whose internal addresses are 192.168.0.0/24. The FreeBSD box would 
> do NAT for all of them, and of course they could not "see" one another.
> 
> The alternatives, of course, would be to install multiple NAT 
> routers -- which would be a waste -- or to number the LANs 
> differently. But the organization for which I'm doing this wants 
> everything about each LAN to be absolutely standard (printers at 
> the same static addresses, etc.) so that their IT guys can walk in 
> and know exactly how everything's numbered.
> 
> Is it possible to do a "hydra headed" router such as this with 
> FreeBSD? I'm not sure that FreeBSD's natd is equipped to sort 
> incoming packets for multiple, identically numbered LANs properly, 
> because it would have to remember interface names as well as 
> addresses. Also, there would be the question of how one would 
> connect inward to the machines on the LANs, since "ping 
> 192.168.0.100" would be  ambiguous. (Perhaps one could do it from a 
> jail. In fact, perhaps the virtual NAT routers could be set up in jails....)

The most cumbersome thing is the same net on ifaces.

Not sure, but I do if I try:

client interfaces: if0, if1, if2
external interface: ef0
default router for all clients: 192.168.0.1

ifconfig if0 inet 10.0.0.1/32
ifconfig if1 inet 10.0.0.2/32
ifconfig if2 inet 10.0.0.3/32
ifconfig lo0 inet 192.168.0.1/32

sysctl net.link.ether.inet.proxyall=1

ifconfig ef0 inet ...1

Say your provider to route ...2, ...3, ...4
to ...1, start 3 natd with ...2, ...3, ...4
IP addresses.

On internal -> external direction do usual
NAT by own natd for each iface
(try Julian Elischer's post but do simplier)
and on external -> internal direction
mark pakets before natd with, for example
1, 2, 3 mark and after natd forward
packets 1 marked to 10.0.0.1, 2 marked to 10.0.0.2
so on.

2 things I am not sure:
is natd marks safe?
How ipfw forward to own iface works?
(it worked for me with route)

Sorry my bad English

More information about the freebsd-net mailing list