Re: multiple NATd's and VLAN's

From: Henri Hennebert (hlh_at_cocoon.cercle.be)
Date: 11/12/03


Date: Wed, 12 Nov 2003 21:41:06 +0100


Kristian Rask wrote:
> Hi all
>
> How would one go about running several instances of natd with unique
> public IP's for several VLAN's terminated on the same interface ?
>
> The idea being that multiple separate RFC-1918 networks are
> terminated as VLANS in the FreeBSD machine and that
> each VLAN goes through a separate NAT'd instance in order to
> NAT on a particular public IP.
>
> 1. House full of businesses.. (here shown w. 5/8)
> 2. Each business has its own LAN
> 3. Each LAN goes into a switch where the port is configured as a
> particular LAN
> 4. The switch is connected to a FreeBSD machine w. a set of
> VLAN's matching those in the separate businesses
> 5. There should be 1 instance of NATd running for each VLAN
> 6. Each NATd uses separate public IP's
> 7. WAN Statically configured using a /30
> 8. /29 net for 5/8 separate NATd's (a.b.c.0/29) routed to the wan.
> 9. possibly "ifconfig SomePhysIf0 a.b.c.1/29"
>
Just a little idea,

With ipfw, you can divert packets from each 1918 net to a different natd,
but when it comes to input from internet, I can't imagine how to manage
the mess...

> I think for 5 IP's it would be something like:
>
> for i in 2 3 4 5 6; do
> natd -port 100${i} \
> -f /etc/natd_${i}.conf \
> -n <phys-if or vlan ?> \
> -a a.b.c.${i}
> done
>
> for i in 2 3 4 5 6; do
> ipfw add divert 100${i} all ....
> (from VLAN-if | VLAN-CIDR | ... ?)
> to any ...(in via VLAN-if | out via WAN-if | .... ?)
> done
>
> I *assume* I need to configure the /29 somewhere ..
> I *suspect* that I can do something "weird" and actually
> use all 8 IP's ... perhaps configure the 8 IP's as aliases on lo ?
>
> we will have more than a few addresses in order to be able to deliver
> routeable addresses if anyone so requests..
> like.. a /26 of which we use a /28 for permanent IP's and can deliver
> 6 /29 for the few who actually need a routable network.
>
> Does anyone have any experience or hints / pointers ?
>
>
>
> TIA and regards
>
> Kristian aka The eternal newbie

newbie, newbie, with such a problem on hand you are too modest!

But really I think it's a good mindset...

Henri
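Since the thread leaves the inbound half open (outbound is easy to split by source net; the question is how return traffic from the internet finds the right natd), here is one way the pieces fit, as an added example rather than anything from Kristian's or Henri's mails. The script only prints the commands so they can be read before anything is applied. Every concrete value in it is constructed: em0 for the /30 uplink, em1 for the trunk to the switch, 203.0.113.0/29 standing in for a.b.c.0/29, and 10.<i>.0.0/24 on vlan<i> for VLAN ids 2 to 6. The pairing it shows is the standard one for natd: each instance gets its own alias address with -a, outbound packets are diverted by the tenant's source net, and inbound packets are diverted by the destination public address, so both directions of a tenant's connections reach the same translation table. It also puts a deny rule in front of the diverts so one business's private net cannot be routed into another's.

```shell
#!/bin/sh
# Added example (not from the thread): emit the commands for a
# one-natd-per-VLAN setup like the one described above.
# The kernel is assumed to have IPFIREWALL and IPDIVERT.
# Constructed values, standing in for the thread's placeholders:
#   WAN_IF        em0         the /30-addressed uplink
#   TRUNK_IF      em1         the tagged link to the switch
#   PUBLIC_PREFIX 203.0.113   203.0.113.0/29 stands in for a.b.c.0/29
#   VLAN_IDS      2 3 4 5 6   VLAN <i> uses 10.<i>.0.0/24 and public IP <prefix>.<i>
WAN_IF="${WAN_IF:-em0}"
TRUNK_IF="${TRUNK_IF:-em1}"
PUBLIC_PREFIX="${PUBLIC_PREFIX:-203.0.113}"
VLAN_IDS="${VLAN_IDS:-2 3 4 5 6}"

# vlan_cmds ID: create vlan<ID> on the trunk and give it the tenant's gateway address.
vlan_cmds() {
    printf 'ifconfig vlan%s create\n' "$1"
    printf 'ifconfig vlan%s vlan %s vlandev %s inet 10.%s.0.1/24\n' "$1" "$1" "$TRUNK_IF" "$1"
}

# natd_cmd ID: one natd per VLAN on divert port 100<ID>. The public address is
# given explicitly with -a, since every instance needs a different one.
natd_cmd() {
    printf 'natd -port 100%s -f /etc/natd_%s.conf -a %s.%s\n' "$1" "$1" "$PUBLIC_PREFIX" "$1"
}

# ipfw_cmds ID: the two divert rules that bind VLAN <ID> to its natd.
#   outbound: traffic from the tenant's private net leaving the WAN -> natd 100<ID>
#   inbound:  traffic arriving on the WAN for the tenant's public IP -> the same natd,
#             which is what lets each instance see both halves of its own connections
ipfw_cmds() {
    printf 'ipfw add 100%s0 divert 100%s ip from 10.%s.0.0/24 to any out via %s\n' "$1" "$1" "$1" "$WAN_IF"
    printf 'ipfw add 100%s1 divert 100%s ip from any to %s.%s in via %s\n' "$1" "$1" "$PUBLIC_PREFIX" "$1" "$WAN_IF"
}

# gen_all: the complete command list, in the order it has to be applied.
gen_all() {
    # The /29 is routed to this box, so it has to forward.
    printf 'sysctl net.inet.ip.forwarding=1\n'
    # Tenants are separate businesses: drop anything one private net tries to
    # send into another before any divert rule can see it (rule 100 sorts
    # ahead of the 100x0/100x1 divert rules).
    printf "ipfw add 100 deny log ip from 10.0.0.0/8 to 10.0.0.0/8 out via 'vlan*'\n"
    for i in $VLAN_IDS; do
        vlan_cmds "$i"
        natd_cmd "$i"
        ipfw_cmds "$i"
    done
}

gen_all
```

The deny rule only matches forwarded traffic leaving on a vlan interface with both ends in 10/8, so a tenant still reaches its own gateway address and NAT'd replies from the internet (source not in 10/8) are unaffected.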