Home / server / Questions / 332322
In Process
osgx
Asked: 2011-07-30 04:49:23 +0800 CST

Force OpenBSD to use internally one IP, but send and receive from network from other IP?

  • 772

Is it possible to set up OpenBSD such, that it will have IP1 internally (in hosts, in hostname.en0, sockets binds to IP1), but convert it to IP2 when packet goes to ethernet. Also, packets for the IP2 should be received and delivered to services which were bind to IP1.

I think, this is possible in Linux, with iptables firewall (something like by DNAT/SNAT), but now I want to do this on OpenBSD.

I can setup routing of real LAN in any way.

networking iptables openbsd

3 Answers

  1. This should be more or less doable with an alias on the interface and minor PF/NAT magic. Have you looked at all into the PF guide?

    • 0

  2. This can be very easily done with pf(4) and its nat, binat and rdr rules.

    It sounds like you specifically want to look into the binat rules; the way all these rules are written has changed a couple of releases back (from nat ... -> ..., to pass ... nat-to ...), but with OpenBSD 5.2 it should be as follows (example taken directly from http://www.openbsd.org/faq/pf/nat.html#binat):

    web_serv_int = "192.168.1.100"
web_serv_ext = "24.5.0.6"

pass on tl0 from $web_serv_int to any binat-to $web_serv_ext`

    See more info about NAT and traffic redirection in OpenBSD here:

    http://www.openbsd.org/faq/pf/nat.html
    http://www.openbsd.org/faq/pf/rdr.html

    • 0

  3. You can modify kernel to substitute IP1 with IP2 for outgoing traffic and vice versa.

    What protocol you have in mind ?

    • -2