Date: Wed, 26 Jul 2000 12:25:04 -0600 (MDT) From: Nick Rogness <nick@rapidnet.com> To: Sven Anderson <sven@anderson.de> Cc: freebsd-net@freebsd.org Subject: Re: no static NAT for router itself? Message-ID: <Pine.BSF.4.21.0007261204140.48391-100000@rapidnet.com> In-Reply-To: <Pine.LNX.4.21.0007251537170.11491-100000@maelstrom.anderson.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Jul 2000, Sven Anderson wrote: > > I have a problem with my static NAT setup: > > isn't it possible, that connections originating from the router itself > to the external ips are also corecctly nated to the internal ip's? > > First the setup-details: > > stoffel:~ # ifconfig -a > ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > inet 134.76.25.223 netmask 0xffffff00 broadcast 134.76.25.255 > inet 134.76.25.224 netmask 0xffffffff broadcast 134.76.25.224 > inet 134.76.25.225 netmask 0xffffffff broadcast 134.76.25.225 Why do you have these addresses bound to this card? Is your provider routing them to you? > de0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 > inet 172.27.10.254 netmask 0xffff0000 broadcast 172.27.255.255 > ether 00:80:c8:44:14:d7 > media: autoselect (100baseTX <full-duplex>) status: active > supported media: autoselect 100baseTX <full-duplex> 100baseTX > 10baseT/UTP <full-duplex> 10baseT/UTP > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 > inet 127.0.0.1 netmask 0xff000000 > > What does not work: > > Packets originating from the router to one of the external aliased IPs, > f.e. 134.76.25.224, are nated correctly to the internal IP 172.27.7.23, > BUT the source address of the packet is not 134.76.25.223 (the router) as > it should be but 134.76.25.224 (the NAT-alias)! If i look at the netmask > of the alias-interface this is actually correct, because the netmask fits > exactly 134.76.25.224, so that the source-address is set to the IP of > the interface, which is the same IP. To prevent this, a netmask that > matches never is needed. Have you tried the -alias_address option instead of -n ? > > Well, so I assumed, that defining the external IPs as alias-interfaces is > not the right way to do static NAT (btw.: why there is no HOWTO for this, > is static NAT really used so seldom?). So I tried catching the external No, I use it all of the time as (I assume) many people do. Nick Rogness - Drive defensively. Buy a tank. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007261204140.48391-100000>