Dynamic NAT from pool on FreeBSD

Good day,

I have a FreeBSD 8.1 server installed and connected to the network. (See topology screenshot.)



I need to masquerade the PC IP 192.168.1.2 on FreeBSD to 1.1.1.3, not to 1.1.1.2. On the router the source traffic must be from 1.1.1.3, not from 1.1.1.2. Is it possible?

I tried assigning the secondary IP 1.1.1.3 as an alias in rc.conf, but it didn't work.
 
Because all client PCs reach the router through 1.1.1.2. Now I need to limit some client IPs on the router, and it is necessary to divide them on FreeBSD by mapping them to 1.1.1.3. Afterwards I can limit only 1.1.1.3 on the router.
 
On FreeBSD they are masqueraded to 1.1.1.2 on the outside interface at the moment. But some of the clients I need to NAT to another IP from the 1.1.1.0/24 subnet (for example, to 1.1.1.3).
Traffic is masqueraded on both routers (FreeBSD and the Router).

The purpose is to masquerade on FreeBSD some of the clients to 1.1.1.2, which is the interface IP, and some other clients I want to masquerade to 1.1.1.3, which is not set on the interface as an IP.

I assigned 1.1.1.3 as an alias on the FreeBSD interface, but I can't masquerade clients to this IP address.

Default rules:

LanOut="vr1"
LanOutIP="1.1.1.2"
NetIn="192.168.1.0"
NetMask="24"

${FwCMD} add divert natd ip from ${NetIn}/${NetMask} to any out via ${LanOut}
${FwCMD} add divert natd ip from ${NetVpn}/${NetMask} to any out via ${LanOut}
 
Where is the fault? This scheme is working; I need only some secrets of NAT on FreeBSD. If it was a Cisco ASA, I would solve the problem myself.
Link to do it on Cisco ASA:
 
Yes, ping is going...
I added this rule on top of the default NAT rule:
${FwCMD} add divert natd ip from 192.168.1.2 to any out via 1.1.1.3

The above rule is not working.

The traffic goes through the default NAT rules:

${FwCMD} add divert natd ip from ${NetIn}/${NetMask} to any out via ${LanOut}
${FwCMD} add divert natd ip from ${NetVpn}/${NetMask} to any out via ${LanOut}
 
I'm sorry for not replying about ipfw. But in PF you can do something like this:
Code:
nat on $LanOut inet from 192.168.1.2 to any -> 1.1.1.3
nat on $LanOut inet from $RestOfYourNetwork to any -> 1.1.1.2
I always do this to separate outgoing public IP addresses for multiple local IPs and/or LANs; works like a charm.
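An added example (not from the thread) of the same split in ipfw terms, using FreeBSD's in-kernel ipfw NAT (present since 7.0) instead of natd/divert: one NAT instance per public address, with 192.168.1.2 sent through the 1.1.1.3 instance and the rest of 192.168.1.0/24 through the 1.1.1.2 one, on the inbound side as well so replies are translated back. It assumes the ipfw_nat module is loaded and 1.1.1.3 is aliased on vr1; FwCMD defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread: two in-kernel ipfw NAT instances so that
# 192.168.1.2 leaves vr1 as 1.1.1.3 while the rest of the LAN keeps 1.1.1.2.
# Assumptions: `kldload ipfw_nat` done, and 1.1.1.3 aliased on vr1, e.g.
#   ifconfig_vr1_alias0="inet 1.1.1.3 netmask 255.255.255.255" in rc.conf.
# FwCMD defaults to a dry run that prints the rules; set FwCMD=/sbin/ipfw
# to apply them on the box.
FwCMD="${FwCMD:-echo ipfw}"

LanOut="vr1"
LanOutIP="1.1.1.2"          # address of the outside interface
AltOutIP="1.1.1.3"          # second public address, aliased on vr1
NetIn="192.168.1.0/24"
SpecialHost="192.168.1.2"   # client that must appear as 1.1.1.3

apply_nat_rules() {
    # One NAT instance per public address. same_ports keeps the source port
    # when possible; deny_in drops unsolicited inbound packets to that address.
    ${FwCMD} nat 1 config ip "${LanOutIP}" same_ports deny_in
    ${FwCMD} nat 2 config ip "${AltOutIP}" same_ports deny_in

    # Inbound: replies addressed to each public IP go to its own instance,
    # otherwise the translation back to the LAN host never happens.
    ${FwCMD} add 100 nat 2 ip from any to "${AltOutIP}" in via "${LanOut}"
    ${FwCMD} add 110 nat 1 ip from any to "${LanOutIP}" in via "${LanOut}"

    # Outbound: the specific host first (first match wins), then everyone else.
    ${FwCMD} add 200 nat 2 ip from "${SpecialHost}" to any out via "${LanOut}"
    ${FwCMD} add 210 nat 1 ip from "${NetIn}" to any out via "${LanOut}"
}

apply_nat_rules
```

With natd the equivalent is a second natd instance started with `-a 1.1.1.3` on its own divert port, and the divert rules for 192.168.1.2 pointed at that port in both directions.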
 