Reverse IP NAT to secondary IP address

Nils Vogels nivo+sender+8eb026 at yuckfou.org
Sun Oct 26 05:02:01 PST 2003


"."@babolo.ru wrote:

>>Since I have the internet on the same interface, but on the primary IP 
>>instead, would enabling ARP PROXY not fill the ARP table with every host 
>>on the internet, that tries to contact the gateway ?
>>
>Are you using default route?
>If yes, only default router's MAC used for every external IP.
>
OK, great.

>>>No NAT is needed.
>>>
>>I just tried this, but unfortunately, the same thing happens as with 
>>ipfilter:
>>
>>The primary address of the interface ed0 on the gateway (the public 
>>address) is used to forward the arp request.
>>
>>Taken from a dump on the gateway, when attempting telnet:
>>
>>Incoming on rl0:
>>03:35:05.867883 192.168.0.2.1511 > 192.168.2.2.23: S 
>>1377718084:1377718084(0) win 57344 <mss 1460> (DF) [tos 0x10]
>>
>>Outgoing on ed0:
>>03:35:05.868333 195.0.0.1.15009 > 192.168.2.2.23: S 
>>1377718084:1377718084(0) win 57344 <mss 1460> (DF) [tos 0x10]
>>
>No NAT is needed.
>Just allow 192.168.0.2 <-> 192.168.2.2 flow directly,
>not via NAT
>
I just changed my ipnat rule to:

map ed0 from 192.168.0.0/24 ! to 192.168.0.0/16 -> 0/32
map ed0 from 192.168.0.0/24 ! to 192.168.0.0/16 -> 0/32 portmap tcp/udp 15000:19999

And this is now working. Thanks a bunch! ;-)
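As an added illustration (not part of the thread, and not IPFilter's own code), a small Python model of the two map rules above shows why the "! to 192.168.0.0/16" exclusion keeps 192.168.0.2 -> 192.168.2.2 from being rewritten to the ed0 primary address while traffic to the internet still is. It assumes first-match rule processing; the "before" rule without the exclusion and the external address 198.51.100.10 are constructed for the check.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed, simplified model of ipnat "map" rule matching; assumes rules
# are applied first-match. 195.0.0.1 is the gateway's public ed0 address
# seen in the tcpdump output from the post.
PRIMARY = {"ed0": "195.0.0.1"}

@dataclass
class MapRule:
    iface: str
    src: str                      # "from" network
    dst: str = "0.0.0.0/0"        # "to" network (default: any)
    negate_dst: bool = False      # the "!" before "to"
    map_to: str = "0/32"          # 0/32 = interface's primary address
    portmap: Optional[Tuple[int, int]] = None   # tcp/udp port range

def parse(line: str) -> MapRule:
    """Parse the subset of ipnat map syntax used in the post."""
    t = line.split()
    assert t[0] == "map" and t[2] == "from"
    r = MapRule(iface=t[1], src=t[3])          # map <if> from <net> ...
    i = 4
    if t[i] == "!":
        r.negate_dst, i = True, i + 1
    if t[i] == "to":
        r.dst, i = t[i + 1], i + 2
    assert t[i] == "->"
    r.map_to = t[i + 1]
    if "portmap" in t:                          # portmap tcp/udp lo:hi
        lo, hi = t[t.index("portmap") + 2].split(":")
        r.portmap = (int(lo), int(hi))
    return r

def matches(r: MapRule, iface: str, src: str, dst: str) -> bool:
    if iface != r.iface or ipaddress.ip_address(src) not in ipaddress.ip_network(r.src):
        return False
    in_dst = ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
    return not in_dst if r.negate_dst else in_dst

def translate(rules, iface, src, sport, dst, seq=0):
    """Return (src, sport) as the packet leaves iface; untouched if no rule matches."""
    for r in rules:
        if matches(r, iface, src, dst):
            new_src = PRIMARY[iface] if r.map_to == "0/32" else r.map_to.split("/")[0]
            if r.portmap:                       # pick a port from the range
                lo, hi = r.portmap
                sport = lo + seq % (hi - lo + 1)
            return new_src, sport
    return src, sport
```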


More information about the freebsd-net mailing list