Message-ID: <3D4F9F55.97C33E1F@pantherdragon.org>
Date: Tue, 06 Aug 2002 03:05:09 -0700
From: Darren Pilgrim
To: Daniel O'Connor
Cc: freebsd-hackers@freebsd.org
Subject: Re: Routing question
References: <1028626347.16577.96.camel@chowder.gsoft.com.au>

Daniel O'Connor wrote:
> I would like to be able to make the FBSD box present all packets to the
> tun0 of the form 10.0.2.0/24 NOT my assigned IP.
>
> For every machine on my LAN this is what actually happens but because
> the FBSD machine can pass packets directly to the tun0 device those
> packets have the assigned IP.
>
> The main reason this is a problem is writing firewall rules. I have to
> bend over backwards to make sure I don't block my tun0 IP.

Maybe you could seek some help with your ruleset?
Writing a ruleset for a NAT'ing router with a dynamic public IP gets
tricky, but there are ways around it. You can build a ruleset that will
work entirely independent of your public IP if you're willing to rely on
your ISP's routing configuration.

> Note that I'm running 'ppp -alias' but it is the same situation where
> your ISP allocates you some address space but gives you a tun address in
> a different subnet (see Telstra BigPond Direct).
>
> I could swear someone told me how to do this and I wrote it in my log
> book but of course I can't find it..

Disable NAT.