# Pass out with a IP



## SacamantecaS (Dec 27, 2012)

Hello

I have a server with multiple public IP and contain various jails with internal IP (rfc1918). When I need to access outside, always use the same IP (as defined route) How I can change behavior and make forwarding and pretend to go out with some IP? I need it because many of the teams to which I connect, need to specify the source IP of the connection.

It occurred to me to use NAT for output, but not if it worked well or has a more optimal and best of it.


```
pass out on em1 from INTERNAL to any nat-to PUBLIC
pass out on em1 from INTERNAL to any
```

Thank you very much.

Regards


----------



## bbzz (Dec 27, 2012)

I'm sorry I don't quite get the question.

Do you have multiple interfaces all with different IPs or one interface with multiple IPs?
Do you want to specify source IP when going outside ie. NAT to one of your public IPs?
Do you want to be able to use more than one public IP to connect from outside to inside network?

Maybe a simple drawing is in order as well.


----------



## SirDice (Dec 28, 2012)

Bind your jails to lo1 and use a different subnet on them. You can then use NAT on your physical interface.


----------



## SacamantecaS (May 20, 2013)

Excuse me it took to respond, I could not do before.

Indeed, I have several interfaces (em0, em1, em2). em0 has several public IPs configured and em1 has several internal IPs. The system also has several jails: with public IPs, internal IPs, and a mixture of both.

I have multiple processes running in jails with internal IPs which must communicate with other computers in another place and should go out with one of the public IPs as it is the only accessible by firewalls. So far I have configured public IPs (ports) to do a redirect to jails with internal IPs.


```
JAIL1 (private IP - rfc1918) --> NAT or other ( Specified IP Public) --> PROVIDER (other system)
JAIL2 (private IP - rfc1918) --> NAT or other ( Specified IP Public) --> PROVIDER (other system)
JAIL3 (private IP - rfc1918) --> NAT or other ( Specified IP Public) --> PROVIDER (other system)
```

Thanks

Regards


----------

