Date:      Tue, 19 Oct 1999 12:24:40 -0600 (MDT)
From:      Nick Rogness <nick@rapidnet.com>
To:        Brian Beattie <beattie@aracnet.com>
Cc:        hackers@freebsd.org
Subject:   Re: natd question
Message-ID:  <Pine.BSF.4.05.9910191146090.99921-100000@rapidnet.com>
In-Reply-To: <Pine.LNX.4.10.9910191020170.24214-100000@shell2.aracnet.com>

On Tue, 19 Oct 1999, Brian Beattie wrote:

  [snip]
> 
> How about:
>  
>         (~~~~~~~~~~)                                     (~~~~~~~~~~)
>        (            )      +-------+      +-------+     (            )
>       +              +     |       |      |       |    +              +
>      ( 130.144.120/22 ) -- |FreeBSD| ---- |FreeBSD| --( 130.144.120/22 )
>       +    (real)    +     |       |      |       |    +    (test)    +
>        (            )      +-------+      +-------+     (            ) 
>         (~~~~~~~~~~)                                     (~~~~~~~~~~)
> 
> Using 10.0.0.0 on the network in the middle
> 

	I originally had this idea but the problem is when a machine from
	the 'test' network, let's say 130.144.120.1, tries to reach a
	machine on the 'real' network, let's say 130.144.120.2.  Packets
	will never be routed properly because they will never leave the
	'test' network.  The machines on both sides would not send the
	packets to the gateway since the destination is considered
	to be local.

	Unless there are specific static routes on all
	machines pointing to higher netmasked hosts they will never
	be routed across the BSD machines.  Even if they were to make it
	across, the return packets would never make it back unless there
	were static routes on the other side as well.

	Even if you did get the routing tables set up right on both sides
	you would then also have to deal with duplicate IP addresses on
	a LAN.

	I have just thought of a way to keep the IP addresses the same
	and let NATD handle the IP pointers.  However, there will be some
	renumbering involved:


         (~~~~~~~~~~)               10.11.0.0/30          (~~~~~~~~~~)
        (            )      +-------+      +-------+     (            )
       +              +     |       |      |       |    +              +
      ( 10.10.0.0/22  ) --  |FreeBSD| ---- |FreeBSD| -- ( 10.10.0.0/22 )
       +    (real)    +     |       |      |       |    +    (test)    +
        (            )      +-------+      +-------+     (            ) 
         (~~~~~~~~~~)         NATD-1        NATD-2        (~~~~~~~~~~)

	
	If you set up 2 different machines with 2 ethernet cards in them,
	configure them to connect to each other with a different network
	range from the remote sides.  Run NatD on those interfaces.
	
	Then you set up 2 different address translation tables
	on each FBSD machine that has static pointers to the real machine
	IPs using the natd config table, e.g.:
		
	    #NATD-1 config file
		port 8668
		interface de0
		redirect_address 10.10.0.1 130.144.120.1
		redirect_address 10.10.0.2 130.144.120.2
		redirect_address 10.10.0.3 130.144.120.3
			.			
			.			
			.			
		redirect_address 10.10.0.20 130.144.120.19


	    #NATD-2 config file
		port 8668
		interface de0
		redirect_address 10.10.0.1 130.144.120.20
		redirect_address 10.10.0.2 130.144.120.25
		redirect_address 10.10.0.3 130.144.120.35
			.			
			.			
			.			
		redirect_address 10.10.0.20 130.144.120.60
			

	Then you just refer to the machines when communicating between 
	each network as 130.144.120.XXX.  That way the FreeBSD machines
	make the decision on which public packets need to get diverted
	to which local machine.  Also you can change these mappings fairly
	easily and your mappings will take place without ever having to
	change IP addresses on your local machines.

	Just an idea.

*******************************************************************
Nick Rogness		     Shaw's Principle:
System Administrator	       Build a system that even a fool
RapidNet, INC   	       can use, and only a fool will
nick@rapidnet.com	       want to use it.
*******************************************************************
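
Added example, not part of the original message: a Python check of the two points above, that a host on a /22 treats a same-subnet destination as on-link and never hands it to its gateway, and that the two redirect_address tables do not claim the same public address. The function names are hypothetical, and the sample tables are constructed from only the entries the message spells out (natd's syntax is `redirect_address localIP publicIP`).

```python
import ipaddress

# Constructed sample tables modeled on the two config files in the message;
# the entries the message elides are not guessed.
NATD1 = """\
port 8668
interface de0
redirect_address 10.10.0.1 130.144.120.1
redirect_address 10.10.0.2 130.144.120.2
redirect_address 10.10.0.3 130.144.120.3
"""
NATD2 = """\
port 8668
interface de0
redirect_address 10.10.0.1 130.144.120.20
redirect_address 10.10.0.2 130.144.120.25
redirect_address 10.10.0.3 130.144.120.35
"""
LOCAL_NET = ipaddress.ip_network("10.10.0.0/22")
PUBLIC_NET = ipaddress.ip_network("130.144.120.0/22")

def parse_redirects(text):
    """Return {public_ip: local_ip} from 'redirect_address local public' lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0] == "redirect_address":
            local, public = map(ipaddress.ip_address, fields[1:])
            if local not in LOCAL_NET or public not in PUBLIC_NET:
                raise ValueError(f"address outside expected range: {line.strip()}")
            if public in table:
                raise ValueError(f"public address mapped twice: {public}")
            table[public] = local
    return table

def on_link(src, dst, prefix):
    """True if a host at src/prefix treats dst as local (ARPs, skips the gateway)."""
    return ipaddress.ip_address(dst) in ipaddress.ip_interface(f"{src}/{prefix}").network

def shared_public(t1, t2):
    """Public addresses claimed by both tables, which would be ambiguous."""
    return sorted(set(t1) & set(t2))

if __name__ == "__main__":
    t1, t2 = parse_redirects(NATD1), parse_redirects(NATD2)
    print("original: 130.144.120.1 -> .2 on-link:", on_link("130.144.120.1", "130.144.120.2", 22))
    print("renumbered: 10.10.0.1 -> 130.144.120.2 on-link:", on_link("10.10.0.1", "130.144.120.2", 22))
    print("public addresses claimed by both sides:", shared_public(t1, t2))
```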
