Re: Removing PF

To: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Subject: Re: Removing PF
From: "John D. Baker" <jdbaker%consolidated.net@localhost>
Date: Sun, 7 Apr 2019 18:25:33 -0500 (CDT)

On Sun, 7 Apr 2019, Mindaugas Rasiukevicius wrote:

> You *can* use ifaddrs(netifN) for a NAT rule in NetBSD -current, but
> you need to specify the address selection algorithm.  Currently,
> "ip-hash" or "round-robin".  You cannot select just the first address,
> though.  That is something I can look into.

I see.  This sounds like something I used on a pf/OpenBSD system which
NATed several internal RFC1918 networks to a statically-assigned /27
subnet's worth of public IP addresses (using an "ip-hash" algorithm).
It took a bit of tweaking of subnet definitions and NAT rules to avoid
it trying to NAT through the network or broadcast addresses ;)

As such, the interface's addresses were assigned with appropriate
statements in the "/etc/hostname.if" file (OpenBSD) for the public-
facing interface.

Is it possible to assign multiple addresses in a dynamic fashion
(DHCP, PPP[oE], ???) that ifaddrs(netifN) is meaningful?

Maybe an additional address-selection algorithm that selects any
specified elements of the list?

Thanks.

-- 
|/"\ John D. Baker, KN5UKS               NetBSD     Darwin/MacOS X
|\ / jdbaker[snail]consolidated[flyspeck]net  OpenBSD            FreeBSD
| X  No HTML/proprietary data in email.   BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645

Follow-Ups:
- Re: Removing PF
  - From: John D. Baker
- Re: Removing PF
  - From: Mindaugas Rasiukevicius

References:
- Re: Removing PF
  - From: John D. Baker
- Re: Removing PF
  - From: John D. Baker
- Re: Removing PF
  - From: John D. Baker
- Re: Removing PF
  - From: Mindaugas Rasiukevicius

Prev by Date: Re: Removing PF
Next by Date: Re: Removing PF
Previous by Thread: Re: Removing PF
Next by Thread: Re: Removing PF
Indexes:

Home | Main Index | Thread Index | Old Index