From: Barney Wolff
To: "Paiva, Gilson de"
Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Date: Fri, 23 May 2003 12:49:02 -0400
Subject: Re: 3 NICs NAT setup, almost there ...
Message-ID: <20030523164902.GA36660@pit.databus.com>
In-Reply-To: <1091.192.168.1.39.1053704739.squirrel@intranet.el.com.br>
List-Id: Networking and TCP/IP with FreeBSD

On Fri, May 23, 2003 at 12:45:39PM -0300, Paiva, Gilson de wrote:
> Hi,
>
> Take this scenario:
>
>
>            xxx/26                yyy/26
> internet --- ep0    freebsd    rl0 --- wired clients
>                       ep1
>                        |  private ip ( 192.168.1.0/24 )
>                        |
>                     wireless
>
> I have to nat packets with destination to an ip xxx/26 to an ip at private
> ip net.
> So far so good with "common" redirect_address nat configuration.
> The problem happens with traffic between net yyy/26 and the private
> network ( and vice-versa ) because packets get routed to destination
> before they get translated by natd.
> What's the secret ? I tried everything I know and learned from reading
> but no setup could work out.

I'd use ipfw and natd, and run two instances of natd listening on
different divert sockets. Rules in ipfw can divert the packets to
the right natd depending on where the packets are coming from or
going to.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
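
Added example, not part of the original message or of the FreeBSD project: one way to lay out the two-natd arrangement suggested above, with a second divert socket handling traffic between rl0 and the redirected private host. The addresses, the 8669 port and the rule numbers are constructed placeholders (the thread gives only xxx/26 and yyy/26); the interface names come from the diagram.

```sh
#!/bin/sh
# Dry run by default: prints the commands. Set APPLY=1 (as root, on the
# FreeBSD gateway) to execute them instead.
# Constructed placeholder values; substitute your own:
PUB_IP=203.0.113.10        # public address in xxx/26 being redirected
WIRED_NET=198.51.100.0/26  # stands in for yyy/26 behind rl0
PRIV_IP=192.168.1.10       # private host behind ep1
EXT_PORT=8668              # natd default divert port, instance 1
INT_PORT=8669              # second divert port (arbitrary choice)

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

start_natd() {
    # Instance 1: ordinary NAT on the Internet-facing interface.
    run natd -port "$EXT_PORT" -interface ep0 \
        -redirect_address "$PRIV_IP" "$PUB_IP"
    # Instance 2: same static mapping, used only for rl0 <-> private host.
    run natd -port "$INT_PORT" -alias_address "$PUB_IP" \
        -redirect_address "$PRIV_IP" "$PUB_IP"
}

load_rules() {
    # Internet side: everything crossing ep0 goes to instance 1.
    run ipfw add 100 divert "$EXT_PORT" ip from any to any via ep0
    # Wired clients -> public address: translate on arrival at rl0,
    # before the routing decision is made.
    run ipfw add 200 divert "$INT_PORT" ip from "$WIRED_NET" to "$PUB_IP" in via rl0
    # Replies from the private host: restore the public source address
    # as the packet leaves through rl0.
    run ipfw add 210 divert "$INT_PORT" ip from "$PRIV_IP" to "$WIRED_NET" out via rl0
    # Existing filtering rules follow at higher rule numbers; re-injected
    # packets resume matching at the rule after the divert.
}

start_natd
load_rules
```

Review the printed commands before running with APPLY=1, and keep the divert rules ahead of any allow rule that would otherwise match the same packets first.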