FreeBSD 7.3 + IPFW + Static NAT

My FreeBSD guy has gone missing...fell off another wagon I think.

We are trying to implement NATD on our gateway 7.3 machine for a specific purpose. We will be changing upstream providers and want to temporarily nat the old provider's public ip's to the new block assigned to us. Both blocks of addresses are public addresses. We're anticipating that this scheme will last only a couple of weeks, giving us time to touch all the necessary boxes.

We haven't been able to do it.

kernel has the necessary options....

/etc/rc.conf

Code:
firewall_enable="YES"
firewall_type="OPEN"
firewall_script="/etc/rc.fw"
gateway_enable="YES"
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"

/etc/rc.fw

Code:
ipfw add 50 divert 8668 ip from any to any via fxp0
ipfw add 60 allow ip from any to any via lo0
ipfw add 70 deny ip from any to 127.0.0.0/8
ipfw add 65000 allow ip from any to any
ipfw add 65535 deny ip from any to any


/etc/natd.conf

Code:
port 8668

# fxp0 9.8.7.2
#.....................fxp1.......fxp0      
#.................... old ......new
redirect_address 1.2.3.4     9.8.7.4
redirect_address 1.2.3.5     9.8.7.5
redirect_address 1.2.3.6     9.8.7.6
....
....
redirect_address 1.2.3.10   9.8.7.10



fxp0 is the new address block external interface and fxp1 is the internal network containing a mixture of private 10's and the machines addressed with the old public block.

It appears that none of the static redirects are happening but all the "new" addresses are being diverted and nat'ed through the new interface address 9.8.7.2

ipfw 50 diverts ALL traffic and we would really like for only the redirect_addresses to be diverted/nat'ed.

Are we wrong to assume that you can nat public to public on the internal side? Do we need an alias address for each of the redirects on fxp0 (tried that but didn't help)?

What are we missing?
 
Back
Top