Date: Wed, 26 Jul 2000 12:25:04 -0600 (MDT)
From: Nick Rogness
To: Sven Anderson
Cc: freebsd-net@freebsd.org
Subject: Re: no static NAT for router itself?

On Tue, 25 Jul 2000, Sven Anderson wrote:

> I have a problem with my static NAT setup:
>
> Isn't it possible that connections originating from the router itself
> to the external IPs are also correctly NATed to the internal IPs?
>
> First the setup-details:
>
> stoffel:~ # ifconfig -a
> ed1: flags=8843 mtu 1500
>         inet 134.76.25.223 netmask 0xffffff00 broadcast 134.76.25.255
>         inet 134.76.25.224 netmask 0xffffffff broadcast 134.76.25.224
>         inet 134.76.25.225 netmask 0xffffffff broadcast 134.76.25.225

Why do you have these addresses bound to this card? Is your provider
routing them to you?

> de0: flags=8943 mtu 1500
>         inet 172.27.10.254 netmask 0xffff0000 broadcast 172.27.255.255
>         ether 00:80:c8:44:14:d7
>         media: autoselect (100baseTX ) status: active
>         supported media: autoselect 100baseTX 100baseTX
> 10baseT/UTP 10baseT/UTP
> lo0: flags=8049 mtu 16384
>         inet 127.0.0.1 netmask 0xff000000
>
> What does not work:
>
> Packets originating from the router to one of the external aliased IPs,
> f.e. 134.76.25.224, are NATed correctly to the internal IP 172.27.7.23,
> BUT the source address of the packet is not 134.76.25.223 (the router) as
> it should be but 134.76.25.224 (the NAT-alias)! If I look at the netmask
> of the alias-interface this is actually correct, because the netmask fits
> exactly 134.76.25.224, so that the source-address is set to the IP of
> the interface, which is the same IP. To prevent this, a netmask that
> never matches is needed.

Have you tried the -alias_address option instead of -n ?

> Well, so I assumed that defining the external IPs as alias-interfaces is
> not the right way to do static NAT (btw.: why is there no HOWTO for this,
> is static NAT really used so seldom?). So I tried catching the external

No, I use it all of the time as (I assume) many people do.

Nick Rogness
- Drive defensively. Buy a tank.