Enabling NATd (Network Address Translation) on a v5 ET/BWMGR bandwidth management appliance.
Requirements
Kernel Modules
In v5, kernel modules are no longer necessary.
Interfaces and Addresses
NATd requires two interfaces with active IP addresses: a private interface and a public interface. The public interface is also called the NAT interface.
For the example, suppose that:
igb0 is the public interface, set to 100.1.1.1
igb1 is the private interface with an address of 192.168.17.1 / 24
Setup
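You must create a script with the proper ipfw commands to set up the NAT. Let's call it /etc/rc.natd:
#!/bin/sh
# /etc/rc.natd - configure or remove ipfw NAT on the public interface igb0
if [ "$1" = "stop" ] ; then
    # Remove both NAT rules (same numbers as added below), then the NAT instance
    /sbin/ipfw -q delete 8100
    /sbin/ipfw -q delete 8300
    /sbin/ipfw -q nat 100 delete
else
    # NAT instance 100 on igb0, with two inbound port mappings
    /sbin/ipfw -q nat 100 config if igb0 same_ports \
        redirect_port tcp 192.168.17.55:80 14000 \
        redirect_port tcp 192.168.17.24:515 515
    # Pass traffic crossing igb0 through NAT instance 100
    /sbin/ipfw -q add 8100 nat 100 all from any to any via igb0
    /sbin/ipfw -q add 8300 nat 100 all from 192.168.17.0/24 to any via igb0
fi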
Examples
In the above example, network 192.168.17.0/24 is directed to use interface igb0 as its "NAT" address. We've also included some port mappings. Suppose you have a web server on 192.168.17.55 that you want to be publicly accessible. The mapping above allows the server to be reached via public port 14000. Likewise, a printer at 192.168.17.24 can be reached, because port 515 is passed through to the printer.
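To review which internal services a script like this exposes, the following added example (not part of the original page or the appliance's tooling) lists each redirect_port mapping and flags any whose public port is not on an approved list. The function names, the proto/port format of the approved list and the sample text are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit the inbound port mappings in an rc.natd-style script.

# Constructed sample input mirroring the NAT configuration on this page.
SAMPLE_RC='/sbin/ipfw -q nat 100 config if igb0 same_ports \
    redirect_port tcp 192.168.17.55:80 14000 \
    redirect_port tcp 192.168.17.24:515 515
/sbin/ipfw -q add 8100 nat 100 all from any to any via igb0'

# list_redirects: read script text on stdin and print one line per mapping:
#   <proto> <public-port> -> <internal-ip>:<internal-port>
list_redirects() {
    awk '
    {
        line = buf $0
        # A trailing backslash continues the command: keep accumulating.
        if (sub(/\\[ \t]*$/, " ", line)) { buf = line; next }
        buf = ""
        n = split(line, tok, /[ \t]+/)
        for (i = 1; i + 3 <= n; i++) {
            if (tok[i] != "redirect_port") continue
            proto = tok[i + 1]; target = tok[i + 2]; pub = tok[i + 3]
            # The public side may be written address:port; keep only the port.
            sub(/^.*:/, "", pub)
            print proto, pub, "->", target
        }
    }'
}

# unapproved_redirects APPROVED: read script text on stdin and print the
# mappings whose proto/public-port is missing from the space-separated
# APPROVED list (for example "tcp/14000"). Exit status is 1 if any are found.
unapproved_redirects() {
    list_redirects | awk -v ok=" $1 " '
        index(ok, " " $1 "/" $2 " ") == 0 { print; bad = 1 }
        END { exit bad }'
}

# Demo on the constructed sample; on the appliance, feed the real script:
#   unapproved_redirects "tcp/14000" < /etc/rc.natd
printf '%s\n' "$SAMPLE_RC" | list_redirects
```

With only tcp/14000 approved, the check reports the printer mapping on port 515, which makes a forgotten or unintended exposure visible before the script is loaded.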
Starting the NAT
You can start the NAT by putting this line in /etc/rc.local:
sh /etc/rc.natd
You'll want to test it manually first, of course.