Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?
None Secure
none_secure at yahoo.com
Sat Jun 7 16:51:38 UTC 2014
Yes, but in this case BOTH IPs of the gateway - both the external and the internal interfaces - are non-routable IPs, and so is my ISP cable modem.
192.168.1.1 is the cable modem
192.168.1.2 is external interface of my FreeBSD
10.10.10.1 is internal interface of my FreeBSD
... and my client (10.10.10.2) could not get through to the outside world using just plain old gateway_enable=yes. The configuration that always works with real IPs did not work with this.
So, I followed the FreeBSD handbook which uses divert and natd, and it worked perfectly.
No, I am not trying to access the internal systems from the outside world - I don't have a need for that.
BUT, I am wondering if it is any way possible to run a gateway like this *without* divert and natd ?
Thanks.
On Friday, June 6, 2014 11:40 PM, Erich Dollansky <erich at alogt.com> wrote:
Hi,
On Fri, 6 Jun 2014 23:22:46 -0700 (PDT)
None Secure via freebsd-net <freebsd-net at freebsd.org> wrote:
> BUT, what if my ISP is giving me a private IP, and my internal
> network is also private IPs ? External gateway address is
> 192.168.1.2 and internal gateway address is 10.10.10.1 ... the ONLY
> way I could make this work is with natd and ipfw divert rules.
>
> My question is: is it possible to have a network of non-routable
> IPs, and a gateway with non-routable IPs on internal and external
> interfaces, and NOT use natd/divert ? Can it be done with no ipfw
> rules at all, just like I used to ?
>
What should be the problem? I did some time ago when the ISP gave us
only a single IP address. The local machines connected to the gateway,
the gateway connected via a second interface to the ISP.
Of course, only the gateway was visible from outside. If you want to
access the internal machines from outside, you will need NAT.
Erich
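
An added illustration, not part of the thread and not code from either poster: it traces where the cable modem sends the reply for a flow from 10.10.10.2, with and without natd on the gateway. It assumes the modem has only its connected 192.168.1.0/24 route plus a default route to the ISP, and that it forwards whatever source address it is handed; the function names and the static-route case are hypothetical.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over (prefix, hop) routes; returns the chosen hop."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Addresses are the ones quoted in the thread.
GW_EXT, CLIENT = "192.168.1.2", "10.10.10.2"
# Assumption: a typical modem table, connected LAN plus default route upstream.
MODEM_ROUTES = [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "isp")]

def reply_path(src_seen_by_modem, modem_routes):
    """Where the modem sends a reply addressed to the source it saw outbound."""
    hop = next_hop(modem_routes, src_seen_by_modem)
    if hop == "direct":
        return "delivered to " + src_seen_by_modem
    if hop == GW_EXT:
        return "forwarded to gateway " + GW_EXT
    return "sent back toward ISP (lost)"

def scenario(nat_on_gateway, static_route_on_modem):
    """Model one configuration and return the fate of the reply packet."""
    routes = list(MODEM_ROUTES)
    if static_route_on_modem:
        # Hypothetical modem setting: reach 10.10.10.0/24 through the gateway.
        routes.append(("10.10.10.0/24", GW_EXT))
    # With natd the modem only ever sees 192.168.1.2 as the source.
    src = GW_EXT if nat_on_gateway else CLIENT
    return reply_path(src, routes)

if __name__ == "__main__":
    for nat, route in [(False, False), (True, False), (False, True)]:
        print(f"natd={nat!s:5} modem_route={route!s:5} -> {scenario(nat, route)}")
```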