Updated
Mar 22nd, 2013
First Posted
Mar 22nd, 2013

NATd on a v5 ET/BWMGR Appliance

Enabling NATd (Network Address Translation) on a v5 ET/BWMGR bandwidth management appliance.

Requirements

Kernel Modules

In v5, kernel modules are no longer necessary.

Interfaces and Addresses

NATd requires two interfaces with active IP addresses: a private interface and a public interface. The public interface is also called the NAT interface. For the example, suppose that:

igb0 is the public interface, set to 100.1.1.1
igb1 is the private interface, with an address of 192.168.17.1/24

Setup

You must create a script with the proper ipfw commands to set up the NAT. Let's call this /etc/rc.natd:

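# "stop" removes the NAT rules and the NAT instance; anything else sets them up.
if [ "$1" = "stop" ] ; then
  /sbin/ipfw -q delete 8100
  /sbin/ipfw -q delete 8300
  /sbin/ipfw -q nat 100 delete
else
  # NAT instance 100 on the public interface, with two inbound port mappings
  /sbin/ipfw -q nat 100 config if igb0 same_ports \
        redirect_port tcp 192.168.17.55:80 14000 \
        redirect_port tcp 192.168.17.24:515 515
  # Pass traffic crossing igb0 through NAT instance 100
  /sbin/ipfw -q add 8100 nat 100 all from any to any via igb0
  /sbin/ipfw -q add 8300 nat 100 all from 192.168.17.0/24 to any via igb0
fi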

Examples

In the above example, network 192.168.17.0/24 is directed to use interface igb0 as its "NAT" address. We've also included some port mappings. Suppose you have a web server on 192.168.17.55 that you want to make publicly accessible. The mapping above allows the server to be accessed via port 14000. Likewise, the printer at 192.168.17.24 can be accessed from outside, because port 515 is passed through to it.

Starting the NAT

You can start the NAT by putting a line in /etc/rc.local:

  sh /etc/rc.natd

You'll want to test it manually first, of course.
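
A pre-flight audit to run before the manual test, as an added example (not part of the original article or the appliance's software): it lists the services that redirect_port publishes and reports rule numbers that the start and stop branches do not share. The function names and the embedded sample script, whose stop branch deliberately deletes a different rule number than the start branch adds, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an rc.natd-style script before enabling it.
# The sample below is constructed; its stop branch is deliberately mismatched.
sample_rc_natd() {
cat <<'EOF'
if [ "$1" = "stop" ] ; then
  /sbin/ipfw -q delete 8100
  /sbin/ipfw -q delete 8200
  /sbin/ipfw -q nat 100 delete
else
  /sbin/ipfw -q nat 100 config if igb0 same_ports \
        redirect_port tcp 192.168.17.55:80 14000 \
        redirect_port tcp 192.168.17.24:515 515
  /sbin/ipfw -q add 8100 nat 100 all from any to any via igb0
  /sbin/ipfw -q add 8300 nat 100 all from 192.168.17.0/24 to any via igb0
fi
EOF
}

# Read a script on stdin; print "proto public_port -> host:port" per mapping.
list_redirects() {
  awk '
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }  # join continuations
    { line = buf $0; buf = ""
      n = split(line, f, /[ \t]+/)
      for (i = 1; i + 3 <= n; i++)
        if (f[i] == "redirect_port")
          print f[i+1], f[i+3], "->", f[i+2]
    }'
}

# Read a script on stdin; print rule numbers that are added but never
# deleted, or deleted but never added. No output means the branches agree.
unpaired_rules() {
  awk '
    { for (i = 1; i < NF; i++) {
        if ($i == "add"    && $(i+1) ~ /^[0-9]+$/) added[$(i+1)] = 1
        if ($i == "delete" && $(i+1) ~ /^[0-9]+$/) deleted[$(i+1)] = 1
      } }
    END {
      for (r in added)   if (!(r in deleted)) print "added-not-deleted " r
      for (r in deleted) if (!(r in added))   print "deleted-not-added " r
    }' | sort
}

sample_rc_natd | list_redirects
sample_rc_natd | unpaired_rules
```

To audit the real file, feed it on stdin instead of the sample, for example `list_redirects < /etc/rc.natd`.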