SOLVED: 3 NICs NAT setup, almost there ...
Paiva, Gilson de
g-paiva at el.com.br
Mon May 26 09:48:16 PDT 2003
I could get this working by:
natd.conf:
redirect_address 192.168.1.x public_address
same_ports yes
unregistered_only yes
use_sockets yes
The secret, thanks to Barney Wolff, is to run two instances of nat, but
the real trick is -alias_address public_address on rl0 packets, this way:
/sbin/natd -f /etc/natd.conf -n ep0
/sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address
and
ipfw add xxx divert 8668 all from any to any via ep0
ipfw add xxx divert 8669 all from any to any via rl0
Thanks Barney!
>
>> On Fri, May 23, 2003 at 12:45:39PM -0300, Paiva, Gilson de wrote:
>>> Hi,
>>>
>>> Take this scenario:
>>>
>>>
>>>                xxx/26                yyy/26
>>>  internet --- ep0  freebsd  rl0 --- wired clients
>>>                      ep1
>>>                       |    private ip ( 192.168.1.0/24 )
>>>                       |
>>>                    wireless
>>>
>>> I have to nat packets with destination to an ip xxx/26 to an ip at private
>>> ip net. So far so good with "common" redirect_address nat
>>> configuration.
>>> The problem happens with traffic between net yyy/26 and the private
>>> network ( and vice-versa ) because packets get routed to destination
>>> before they get translated by natd.
>>> What's the secret ? I tried everything I knew and learned from
>>> reading but no setup could work out.
>>
>> I'd use ipfw and natd, and run two instances of natd listening on different
>> divert sockets. Rules in ipfw can divert the packets to the right natd
>> depending on where the packets are coming from or going to.
>>
>> --
>> Barney Wolff http://www.databus.com/bwresume.pdf
>> I'm available by contract or FT, in the NYC metro area or via the 'Net.
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>
>
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Paiva, Gilson de Domingos Martins
> mailto:npd at el.com.br Brazil
> http://www.el.com.br/ E&L Producoes de Software
> http://www.FreeBSD.org/ FreeBSD: The Power to Serve
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>
> ------------------------------------------------------------------------------
> Legal Notice:
> This message may not officially express the ideas or wishes of the company
> E&L Producoes de Software; its author is solely responsible for it.
>
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Paiva, Gilson de Domingos Martins
mailto:npd at el.com.br Brazil
http://www.el.com.br/ E&L Producoes de Software
http://www.FreeBSD.org/ FreeBSD: The Power to Serve
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
------------------------------------------------------------------------------
Legal Notice:
This message may not officially express the ideas or wishes of the company
E&L Producoes de Software; its author is solely responsible for it.
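
Added example, not part of the original thread: a POSIX shell check for the two-instance setup described above. ipfw drops packets diverted to a port that has no socket bound to it, so the script reports divert ports that no natd instance serves, and ports claimed by more than one instance. The function names, rule numbers 100/200 and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check ipfw divert rules
# against natd command lines. All sample data below is constructed.

# Print the divert port of every rule in the given ipfw rule text.
divert_ports() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "divert") print $(i + 1) }' | sort -un
}

# Print the divert port each natd command line listens on.
# Port 8668 is assumed when no -p/-port is given, matching the post's first instance.
natd_ports() {
    printf '%s\n' "$1" | awk '
        /natd/ {
            port = 8668
            for (i = 1; i < NF; i++) if ($i == "-p" || $i == "-port") port = $(i + 1)
            print port
        }' | sort -n
}

# Divert ports referenced by rules but not served by any natd instance.
unserved_ports() {
    served=$(natd_ports "$2")
    for p in $(divert_ports "$1"); do
        printf '%s\n' "$served" | grep -qx "$p" || echo "$p"
    done
}

# Ports claimed by more than one natd; the design needs one divert socket each.
duplicate_natd_ports() {
    natd_ports "$1" | uniq -d
}

# Constructed sample input: rule numbers 100/200 stand in for the post's "xxx".
RULES='00100 divert 8668 ip from any to any via ep0
00200 divert 8669 ip from any to any via rl0'
NATD_OK='/sbin/natd -f /etc/natd.conf -n ep0
/sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address'
NATD_BAD='/sbin/natd -f /etc/natd.conf -n ep0
/sbin/natd -f /etc/natd.conf -n rl0'

echo "unserved (setup from the post): $(unserved_ports "$RULES" "$NATD_OK")"
echo "unserved (second -p missing): $(unserved_ports "$RULES" "$NATD_BAD")"
echo "duplicate natd ports (second -p missing): $(duplicate_natd_ports "$NATD_BAD")"
```

On a live host the two arguments would come from `ipfw list` and the natd entries in the process list.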