Large-scale 1-1 NAT
Christopher Cowart
ccowart at rescomp.berkeley.edu
Mon Sep 24 13:37:29 PDT 2007
On Mon, Sep 24, 2007 at 12:57:19PM +0200, Max Laier wrote:
> On Monday 24 September 2007, Cristian KLEIN wrote:
> > Christopher Cowart wrote:
> > > The real question is: what's the best way to dynamically update the
> > > NAT table?
> >
> > You may use IPFW with IPNAT or PF instead. PF is able to reload its
> > configuration without disruption. Moreover, because the state table is
> > not flushed during a reload, you can even move NATed clients from one
> > public IP to another, without them noticing.
>
> In fact pf comes with an almost ready-made solution. Check out authpf(8)
> for details.
That looks pretty cool. The problem is these are not local users; the
only way to authenticate them is to use web-based services.
--
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley