[Xorp-users] NAT on multiple interfaces

Pavlin Radoslavov pavlin at icir.org
Mon Nov 13 11:04:24 PST 2006


> I have 2 WAN lines coming into my xorp router and one going out to my
> LAN. I would like to be able to define the NAT rules once to be effective
> for both incoming ports.
> (All IP Addresses listed here are pretend)
> For example, I want to configure a NAT rule so ssh (port 22) should go
> to ip address 192.168.0.100.
> One WAN line is 211.10.5.41 on eth1 and the other is 75.99.8.15 on
> eth2
> 
> I would like one rule so that whether you go to either of the WAN IP
> addresses it will take you to the correct computer.
> From what I understand of this, I need to specify an
> inbound-interface, which means that a rule only can work for one
> WAN address.
> 
> Is this true?

XORP doesn't support NAT configuration (yet). Whatever NAT rules
you want to apply, you have to do it outside of XORP by using the
mechanism provided by the underlying system.

Hence, the answer to your question is OS specific (e.g., natd(8) on
FreeBSD, iptables(8) on Linux, etc).

From a quick reading of the iptables(8) manual page (on Gentoo), it
appears that the "-i" option is not mandatory:
"If this option is omitted, any interface name will match."
In other words, it looks like on Linux you can achieve what you want
with a single NAT rule. Check the corresponding manual page if you
use a different OS.

Regards,
Pavlin
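
The single-rule approach from the reply above, as an added example that is not part of the original message: this script only prints iptables(8) commands for the "pretend" addresses in the question, so they can be reviewed before use. The function names are hypothetical; the FORWARD rule is an assumption that applies only when the FORWARD policy is DROP.

```shell
#!/bin/sh
# Added example (not from the thread): prints iptables commands, applies nothing.
# Addresses are the "pretend" ones from the question.
LAN_HOST=192.168.0.100
WAN_ADDRS="211.10.5.41 75.99.8.15"

# One rule with "-i" omitted: matches tcp to the given port arriving on ANY
# interface. PREROUTING also sees packets forwarded from the LAN, so LAN
# clients' own outbound connections to that port would be redirected too.
rule_any_interface() {
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$1" "$LAN_HOST" "$1"
}

# Still no "-i", but scoped with "-d": one rule per WAN address, so only
# traffic addressed to the router's own WAN addresses is translated.
rules_by_wan_address() {
    port=$1
    for addr in $WAN_ADDRS; do
        printf 'iptables -t nat -A PREROUTING -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
            "$addr" "$port" "$LAN_HOST" "$port"
    done
}

# DNAT rewrites the destination before routing; the translated packet must
# still be allowed through the filter table if FORWARD defaults to DROP.
forward_rule() {
    printf 'iptables -A FORWARD -d %s -p tcp --dport %s -j ACCEPT\n' "$LAN_HOST" "$1"
}

echo "# single rule, any interface (also catches LAN-originated traffic):"
rule_any_interface 22
echo "# scoped by WAN destination address:"
rules_by_wan_address 22
forward_rule 22
```

To see which rules actually match, compare the packet counters shown by "iptables -t nat -L PREROUTING -n -v" after connecting to each WAN address.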


