From owner-freebsd-isp Mon May 22 14:33:12 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from nlaredo.globalpc.net (nld2.globalpc.net [207.193.206.189])
	by hub.freebsd.org (Postfix) with ESMTP id 1AFC037B5AE
	for ; Mon, 22 May 2000 14:33:03 -0700 (PDT)
	(envelope-from adrianbsd@globalpc.net)
Received: from ds9 (ds9.globalpc.net [207.193.204.57])
	by nlaredo.globalpc.net (8.9.3/8.9.2) with SMTP id QAA65474;
	Mon, 22 May 2000 16:32:41 -0500 (CDT)
	(envelope-from adrianbsd@globalpc.net)
Message-Id: <3.0.6.32.20000522163230.0096d6f0@globalpc.net>
X-Sender: adrianbsd@globalpc.net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
Date: Mon, 22 May 2000 16:32:30 -0500
To: Haider Roland , "'freebsd-isp@freebsd.org'"
From: Adrian Gonzalez
Subject: Re: AW: Routing: diverting only some nets to natd
Cc: "'David H. Brierley'"
In-Reply-To: <1F879C64A1A7D211B0F10004AC4C07FC119D30@OFFICE1_LIWEST>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi there

I think I see what your problem is...

At 08:11 AM 5/22/00 +0200, Haider Roland wrote:
>
>What i want is that 1.2.1.0 & 1.2.2.0 get routed straight through to
>1.2.6.1 (works) and 1.2.3.0 & 1.2.4.0 get translated to 1.2.6.7 and
>then sent to 1.2.6.1.
>
>My problem is, that as long as i use
>
>ipfw add divert ip from any to any via fxp0
>
>all 4 nets get translated, and if i use
>
>ipfw add divert ip from 1.2.3.0/24 to any via fxp0
>ipfw add divert ip from 1.2.4.0/24 to any via fxp0
>
>only the routing works and nothing gets translated.

Those two divert rules translate anything coming from 1.2.3.0 and 1.2.3.0 to 1.2.6.7, which is just what you want, but you're forgetting to translate the packets that come back. Say a ping packet originates at 1.2.3.1 and its destination is 10.1.1.1. It will get translated to a packet from 1.2.6.7 to 10.1.1.1. When 10.1.1.1 replies, it'll be to 1.2.6.7.

So something like:

ipfw add divert all from any to 1.2.6.7

should do the trick. Add in the 'via' correct interface if you need that too.

Hope this helps. Also, when in doubt, use natd -v so you can see which packets are getting aliased and which aren't.

Another viable solution would be to add rules to permit everything from the nets that are routed straight through before, and keep the divert from any to any for later/last.

-Adrian
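
The round trip described in the reply above, as an added example that is not part of the original message: a toy Python model of first-match rule evaluation and address aliasing, comparing the outbound-only rules, the rules with the extra return-path divert, and the "permit first, divert last" alternative. The rule tuples, the /24 masks for 1.2.1.0 and 1.2.2.0, the default-allow policy, and all function names are assumptions; interfaces ('via') and ports are not modelled.

```python
from ipaddress import ip_address, ip_network

ALIAS = "1.2.6.7"  # address the thread wants 1.2.3.0/24 and 1.2.4.0/24 aliased to

# Rules are (action, source, destination); "any" matches every address.
OUT_ONLY = [("divert", "1.2.3.0/24", "any"), ("divert", "1.2.4.0/24", "any")]
FIXED = OUT_ONLY + [("divert", "any", ALIAS)]          # adds the return path
ALTERNATIVE = [("allow", "1.2.1.0/24", "any"),         # routed nets pass first
               ("allow", "1.2.2.0/24", "any"),
               ("divert", "any", "any")]               # everything else to NAT

def matches(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec)

def first_match(rules, src, dst):
    """Return the action of the first rule matching the packet."""
    for action, r_src, r_dst in rules:
        if matches(r_src, src) and matches(r_dst, dst):
            return action
    return "allow"  # assumption: open default policy

def round_trip(rules, inside, remote):
    """Send inside -> remote and the reply back through the same ruleset.

    Returns (source address the remote host saw, address the reply ends at).
    """
    table = {}                     # remote host -> original inside host
    src, dst = inside, remote
    if first_match(rules, src, dst) == "divert":
        table[dst] = src           # NAT remembers the mapping...
        src = ALIAS                # ...and rewrites the source
    reply_src, reply_dst = dst, src
    if first_match(rules, reply_src, reply_dst) == "divert":
        # Known mapping is reversed; unknown traffic passes unchanged.
        reply_dst = table.get(reply_src, reply_dst)
    return src, reply_dst

if __name__ == "__main__":
    for name, rules in (("out-only", OUT_ONLY), ("fixed", FIXED),
                        ("alternative", ALTERNATIVE)):
        for host in ("1.2.3.1", "1.2.1.5"):   # constructed sample hosts
            print(name, host, round_trip(rules, host, "10.1.1.1"))
```

With the outbound-only rules the reply stops at 1.2.6.7 because no rule hands it back to the translator, which is the situation `natd -v` would make visible on the real system.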