From owner-freebsd-questions@FreeBSD.ORG  Thu Apr 26 19:03:44 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2C84B16A407
	for <freebsd-questions@freebsd.org>;
	Thu, 26 Apr 2007 19:03:44 +0000 (UTC) (envelope-from cswiger@mac.com)
Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23])
	by mx1.freebsd.org (Postfix) with ESMTP id 035D213C4BC
	for <freebsd-questions@freebsd.org>;
	Thu, 26 Apr 2007 19:03:43 +0000 (UTC) (envelope-from cswiger@mac.com)
Received: from relay5.apple.com (a17-128-113-35.apple.com [17.128.113.35])
	by mail-out4.apple.com (8.13.8/8.13.8) with ESMTP id l3QJ3hHg011912;
	Thu, 26 Apr 2007 12:03:43 -0700 (PDT)
Received: from relay5.apple.com (unknown [127.0.0.1])
	by relay5.apple.com (Symantec Mail Security) with ESMTP id B440229C006; 
	Thu, 26 Apr 2007 12:03:43 -0700 (PDT)
X-AuditID: 11807123-a25dcbb0000013cb-84-4630f78f59c2 
Received: from [17.214.13.96] (cswiger1.apple.com [17.214.13.96])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by relay5.apple.com (Apple SCV relay) with ESMTP id 9F5E930400C;
	Thu, 26 Apr 2007 12:03:43 -0700 (PDT)
In-Reply-To: <5855700c0704261135m7ddc06dbuc74e501e9bef3ca1@mail.gmail.com>
References: <5855700c0704261135m7ddc06dbuc74e501e9bef3ca1@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed
Message-Id: <1B9C1908-4B89-4672-9912-1887A29D3623@mac.com>
Content-Transfer-Encoding: quoted-printable
From: Chuck Swiger <cswiger@mac.com>
Date: Thu, 26 Apr 2007 12:03:42 -0700
To: =?ISO-8859-1?Q?Miguel_Alc=E1ntara?= <miguel.alc@gmail.com>
X-Mailer: Apple Mail (2.752.2)
X-Brightmail-Tracker: AAAAAA==
Cc: faqfreebsd <freebsd-questions@freebsd.org>
Subject: Re: PF NAt
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Apr 2007 19:03:44 -0000

On Apr 26, 2007, at 11:35 AM, Miguel Alc=E1ntara wrote:
> /etc/rc.conf
>
> gateway_enable =3D "YES"
>
> ifconfig_vr0=3D"inet 192.168.1.2 netmask 255.255.255.0"
> ifconfig_xl0=3D"inet 192.168.1.3 netmask 0xffffffff"
> squid_enable=3D"YES"

You're not going to have much luck trying to do NAT if both =20
interfaces are on the same subnet.  Other machines will simply =20
broadcast to the other LAN addresses without being re-written by this =20=

machine.

For NAT to work, the traffic has to flow through this machine as a =20
router (or gateway), which means that they can't be using something =20
like 192.168.1.1 as the router.  You'll have to change vr0 to use a =20
publicly routable IP if your want to use it as the "external NIC".

--=20
-Chuck