Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 22 May 2000 16:32:30 -0500
From:      Adrian Gonzalez <adrianbsd@globalpc.net>
To:        Haider Roland <r.haider@liwest.at>, "'freebsd-isp@freebsd.org'" <freebsd-isp@FreeBSD.ORG>
Cc:        "'David H. Brierley'" <dave@galaxia.com>
Subject:   Re: AW: Routing: diverting only some nets to natd
Message-ID:  <3.0.6.32.20000522163230.0096d6f0@globalpc.net>
In-Reply-To: <1F879C64A1A7D211B0F10004AC4C07FC119D30@OFFICE1_LIWEST>
next in thread | previous in thread | raw e-mail | index | archive | help 

Hi there

I think I see what your problem is...

At 08:11 AM 5/22/00 +0200, Haider Roland wrote:
<snip>
>
>What i want is that 1.2.1.0 & 1.2.2.0 get routed straight through to
>1.2.6.1 (works) and 1.2.3.0 & 1.2.4.0 get translated to 1.2.6.7 and
>then sent to 1.2.6.1.
>
>My problem is, that as long as i use
>
>ipfw add divert ip from any to any via fxp0
>
>all 4 nets get translated, and if i use
>
>ipfw add divert ip from 1.2.3.0/24 to any via fxp0
>ipfw add divert ip from 1.2.4.0/24 to any via fxp0
>
>only the routing works and nothing gets translated.

those two divert rules translate anything coming from 1.2.3.0 and 1.2.3.0
to 1.2.6.7, which is just what you want, but you're forgetting to translate
the packets that come back.
Say a ping packet originates at 1.2.3.1 and it's destination is 10.1.1.1.
It will get translated to a packet from 1.2.6.7 to 10.1.1.1.  When 10.1.1.1
replies, it'll be to 1.2.6.7.  So something like:

ipfw add divert all from any to 1.2.6.7

should do the trick.  Add in the 'via' correct interface if you need that too.

Hope this helps.  Also, when in doubt, use natd -v so you can see which
packets are getting aliased and which aren't

Another viable solution would be to add rules to permit everything from the
nets that are routed straight through before, and keep the divert from any
to any for later/last.

-Adrian




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.6.32.20000522163230.0096d6f0>