how 2 address&port map outbound traffic to multiple/different IPs on a single intfc?
Greg Hennessy
Greg.Hennessy at nviz.net
Tue Jun 12 07:04:55 UTC 2007
> so, i think i'm in the right ballpark with *nat of some sort, but how
> do i get this done correctly?
>
There are a number of ways to do this.
Add the extra addresses as aliases to the internet-facing interface. E.g.
gw2:~ # cat /etc/rc.early /etc/rc.conf | egrep -i 'outside|alias' | sed -e
.....
/sbin/ifconfig rue0 name outside
network_interfaces="lo0 outside inside"
ifconfig_outside="inet xx.yy.zz.251 netmask 0xfffffff8 up"
ifconfig_outside_alias0="inet xx.yy.zz.252 netmask 0xffffffff"
ifconfig_outside_alias1="inet xx.yy.zz.253 netmask 0xffffffff"
Or, if you have control of the upstream router from your firewall, add
static routes for either the entire CIDR block or /32 host routes for each
address in the /29 you control.
The routes should point to the external address of the firewall.
Greg