From owner-freebsd-net@FreeBSD.ORG Wed Jan 14 13:20:32 2004
From: Nils Vogels
To: freebsd-net@freebsd.org
Date: Wed, 14 Jan 2004 22:20:22 +0100
Subject: Re: Routing Networks
Message-ID: <4005B296.8040201@yuckfou.org>
In-Reply-To: <56020.148.243.211.1.1074064019.squirrel@mail.unixmexico.com>
List-Id: Networking and TCP/IP with FreeBSD
Nicolás de Bari Embríz G. R. wrote:

> Hi all, I need some help routing or making NAT on a LAN.
>
> I have something like this:
>
>
>                I N T E R N E T
>                -----------------
>                  ^           ^
>                  |           |
> fxp0        public IP    public IP
>                  |           |
>          FreeBSD server   LINUX server
>                  |           |
> dc0  192.168.10.1            |
> dc1  192.168.1.1     ^   192.168.1.3
>                  ^       |       ^
>                  |       |       |
>                  |       |       |
>                ------------------
>                |   Switch/Hub   |
>                ------------------
>                  |            |
>   --------------------   -------------------
>   |       LAN A      |   |      LAN B      |
>   | 192.168.10.2-254 |   | 192.168.1.4-100 |
>   --------------------   -------------------
>
> I have a FreeBSD server running as a gateway and DHCP server; the server shares
> the Internet with all the computers on LAN A (192.168.10.0/24).
>
> The server has 3 network cards:
>
> fxp0 is the public IP.
> dc0 is the gateway for LAN A, "192.168.10.1".
> dc1 has IP 192.168.1.1 (need help with this).
>
>
> Right now I am just using fxp0 and dc0, so any computer on LAN A
> ("192.168.10.2-254") can have Internet; my ipnat.rules file looks like this:
>
> --
> map fxp0 192.168.10.1/24 -> 0/32 portmap tcp/udp auto
> map fxp0 192.168.10.1/24 -> 0/32
> --
>
> Up to that point everything just works OK.
>
> There is another network, I will call it LAN B; this LAN does the same
> thing that I am doing with the FreeBSD server, but instead it uses LINUX,
> and the machine has 2 network cards.
>
> eth0 has a public IP.
> eth1 is the gateway for LAN B, "192.168.1.3".
>
>
> Both networks are connected to the same switch/hub, but now I need that
> the computers of LAN A can see (ping) computers on LAN B.
>

You need to tell the Linux server that it can reach the clients on LAN A via
the 192.168.1.1 IP address. This can be done by putting a route in the routing
table of the Linux box, along the lines of this command:

route add -net 192.168.10.0/24 192.168.1.1

Of course, the syntax might be slightly off.
If you *REALLY REALLY* cannot make this change on the Linux box (really, it's
only minor, nothing to worry about for its sysadmin), you could try to NAT the
traffic when going from LAN A to the server. This however will only make
connections /FROM/ LAN A /TO/ the Linux box possible. Connections /TO/ LAN A
/FROM/ the Linux box will not be possible. This should work with an ipnat rule
that goes something along the lines of:

map dc1 192.168.10.0/24 -> 192.168.1.1/32 portmap tcp/udp auto
map dc1 192.168.10.0/24 -> 192.168.1.1/32

HTH & HAND

-- 
Simple guidelines to happiness:
Work like you don't need the money, love like your heart has never been broken
and dance like no one can see you.
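Editor's note, added to this archived thread (not part of either message): the reason the two fixes behave differently is the reply path. An echo request from LAN A reaches the Linux box or a LAN B host either way, because the FreeBSD box has 192.168.1.0/24 directly connected on dc1; what decides the outcome is where the reply goes. Without a route, the Linux box (and every LAN B host, via its default gateway 192.168.1.3) sends the reply for 192.168.10.x to its default route, i.e. out eth0 to the ISP, where a private destination is dropped. The static route ("route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.1.1" with net-tools, or "ip route add 192.168.10.0/24 via 192.168.1.1 dev eth1" with iproute2; both forms are the editor's, not the thread's) fixes that in both directions. The ipnat rule instead hides LAN A behind 192.168.1.1, so replies go to a directly connected address and get un-NATed, but nothing on the 192.168.1.0/24 side can initiate a connection into LAN A. The model below is the editor's own toy, not code from the thread: hostnames and the public addresses 198.51.100.1/.2 are placeholders, NAT state is keyed only on the remote address (real ipnat also tracks ports), and ICMP redirects are not modelled.

```python
# Added example (not from the thread): a toy model of the two-LAN topology from
# Nicolás's diagram, used to check which ping paths work under the two fixes
# Nils proposes (a static route on the Linux box vs. NAT on dc1) and why the
# NAT variant is one-way. Hostnames and the public addresses 198.51.100.1/.2
# are placeholders; NAT state is keyed only on the remote address (real ipnat
# also tracks ports) and ICMP redirects are not modelled.
import ipaddress
from dataclasses import dataclass, field

Addr, Net = ipaddress.IPv4Address, ipaddress.IPv4Network
LAN_A, LAN_B, DEFAULT = Net("192.168.10.0/24"), Net("192.168.1.0/24"), Net("0.0.0.0/0")
INTERNET = "uplink"  # pseudo next hop: the ISP will not carry RFC 1918 destinations


@dataclass
class Host:
    name: str
    addrs: dict                                  # interface name -> IPv4Address
    routes: list = field(default_factory=list)   # (network, next hop); None = directly connected

    def owns(self, ip):
        return ip in self.addrs.values()

    def lookup(self, dst):
        """Longest-prefix match over the host's routing table."""
        best = None
        for net, nh in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return best


class Network:
    def __init__(self, linux_has_route, nat_on_dc1):
        self.pc_a = Host("lanA-pc", {"eth": Addr("192.168.10.2")},
                         [(LAN_A, None), (DEFAULT, Addr("192.168.10.1"))])
        self.bsd = Host("freebsd", {"fxp0": Addr("198.51.100.1"), "dc0": Addr("192.168.10.1"),
                                    "dc1": Addr("192.168.1.1")},
                        [(LAN_A, None), (LAN_B, None), (DEFAULT, INTERNET)])
        self.linux = Host("linux", {"eth0": Addr("198.51.100.2"), "eth1": Addr("192.168.1.3")},
                          [(LAN_B, None), (DEFAULT, INTERNET)])
        self.pc_b = Host("lanB-pc", {"eth": Addr("192.168.1.10")},
                         [(LAN_B, None), (DEFAULT, Addr("192.168.1.3"))])
        if linux_has_route:  # "route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.1.1"
            self.linux.routes.append((LAN_A, Addr("192.168.1.1")))
        self.hosts = [self.pc_a, self.bsd, self.linux, self.pc_b]
        # "map dc1 192.168.10.0/24 -> 192.168.1.1/32": LAN A sources leave dc1 as 192.168.1.1
        self.nat = {} if nat_on_dc1 else None    # remote address -> original LAN A source
        self.nat_addr = Addr("192.168.1.1")

    def host_with(self, ip):
        return next((h for h in self.hosts if h.owns(ip)), None)

    def send(self, cur, src, dst, ttl=16):
        """Forward a packet hop by hop; return (receiving host, src, dst) as the receiver sees it."""
        while ttl:
            ttl -= 1
            if cur.owns(dst):
                # inbound NAT: a reply to the masquerade address goes back to the LAN A originator
                if self.nat is not None and cur is self.bsd and dst == self.nat_addr and src in self.nat:
                    dst = self.nat[src]
                    continue
                return cur, src, dst
            route = cur.lookup(dst)
            if route is None or route[1] == INTERNET:
                return None          # no route, or handed to the ISP, which drops private addresses
            next_ip = dst if route[1] is None else route[1]
            # outbound NAT on dc1: rewrite LAN A sources heading onto the 192.168.1.0/24 segment
            if self.nat is not None and cur is self.bsd and next_ip in LAN_B and src in LAN_A:
                self.nat[dst] = src
                src = self.nat_addr
            cur = self.host_with(next_ip)
            if cur is None:
                return None
        return None

    def source_for(self, host, dst):
        """Pick the source address on the interface the route for dst leaves through."""
        route = host.lookup(dst)
        target = dst if route is None or route[1] is None else route[1]
        if target != INTERNET:
            for net, nh in host.routes:
                if nh is None and target in net:
                    return next(a for a in host.addrs.values() if a in net)
        return next(iter(host.addrs.values()))

    def ping(self, src_host, dst):
        """True only if the echo request arrives AND the reply finds its way back."""
        src = self.source_for(src_host, dst)
        got = self.send(src_host, src, dst)
        if got is None:
            return False
        replier, seen_src, seen_dst = got
        back = self.send(replier, seen_dst, seen_src)
        return back is not None and back[0] is src_host and back[2] == src


def reachability(linux_has_route, nat_on_dc1):
    """Which of the four interesting paths work under a given fix."""
    n = Network(linux_has_route, nat_on_dc1)
    return {
        "A->linux": n.ping(n.pc_a, Addr("192.168.1.3")),
        "A->B":     n.ping(n.pc_a, Addr("192.168.1.10")),
        "linux->A": n.ping(n.linux, Addr("192.168.10.2")),
        "B->A":     n.ping(n.pc_b, Addr("192.168.10.2")),
    }


if __name__ == "__main__":
    for label, args in [("no fix", (False, False)), ("route on Linux", (True, False)),
                        ("NAT on dc1", (False, True))]:
        print(f"{label:15}", reachability(*args))
```

With no fix every path fails; with the route on the Linux box all four work; with the ipnat rule only the two LAN-A-initiated paths work (the model also shows LAN A reaching LAN B hosts through the NAT, which the reply does not mention but follows from the same rule). One practitioner's caveat: the route is the correct fix, but it also gives every LAN B host a path into LAN A, so if LAN A was meant to stay unreachable from the other side, add ipf rules on dc1 rather than relying on the NAT trick's one-way side effect.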