Date:      Tue, 23 Feb 2016 06:25:16 -0700 (MST)
From:      Warren Block <wblock@wonkity.com>
To:        Julian Elischer <julian@freebsd.org>
Cc:        Ian Smith <smithi@nimnet.asn.au>, freebsd-net@freebsd.org, galtsev@kicp.uchicago.edu
Subject:   Re: gateway machine port redirect question
Message-ID:  <alpine.BSF.2.20.1602230612450.44670@wonkity.com>
In-Reply-To: <56CC04D8.6060206@freebsd.org>
References:  <43887.128.135.52.6.1456021321.squirrel@cosmo.uchicago.edu> <56CA5519.4080000@freebsd.org> <20160222175549.L51785@sola.nimnet.asn.au> <56CC04D8.6060206@freebsd.org>

On Mon, 22 Feb 2016, Julian Elischer wrote:

> I believe the problem is as follows:
>
> There are two machines inside the NAT'd LAN, A and B (local addresses).
> The NAT machine is X on the outside and Y on the inside.
> B is also visible to the outside world as the NAT'd address C (which may or 
> may not be the same as X).
>
> A wants to be able to send a request to address C and have it bounce back to 
> B (with a source address of Y).
> The reply to Y should in turn be bounced back to A.
>
> This is quite complicated and while I am sure we could work out how it 
> should be done I can't just rattle off an answer. It probably requires 
> two instances of NAT: a regular NAT on the external interface, and a 
> reverse NAT on the inside interface, triggering on outgoing packets, 
> turning them around.

Um... I think that is effectively what those few lines of PF I posted 
do.  Granted, it is probably a lot easier with PF.

There is a server inside my LAN.  I needed to access it by its outside 
address regardless of whether the client was inside or outside.  And the 
excerpts I posted earlier work.  It is actually just three things in 
addition to the standard gateway NAT:

1. The NAT for the LAN to the inside server
2. The redirect from the LAN to the inside server
3. The redirect from the outside to the inside server
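
The three items above, written out as a pf.conf translation section. This is an added example, not the rules posted in the thread; it uses FreeBSD's PF syntax, and every interface name, address and port in it is an assumed placeholder.

```pf
# Added example: all macros below are constructed values, not taken from the thread.
ext_if   = "em0"             # outside interface of the gateway (X)
int_if   = "em1"             # inside interface of the gateway (Y)
lan_net  = "192.168.1.0/24"  # LAN holding client A and server B
ext_addr = "203.0.113.10"    # outside address C that maps to the server
server   = "192.168.1.20"    # inside server B
svc_port = "443"             # service being published

# Standard gateway NAT: LAN traffic leaving through the outside interface.
nat on $ext_if inet from $lan_net to any -> ($ext_if)

# 1. NAT for the LAN to the inside server.
#    Redirected LAN connections leave int_if with the gateway's inside
#    address as source, so the server replies to the gateway and not
#    directly to the client (which would drop the unexpected reply).
#    The "no nat" rule keeps the gateway's own LAN traffic untranslated.
no nat on $int_if inet proto tcp from ($int_if) to $lan_net
nat on $int_if inet proto tcp from $lan_net to $server port $svc_port \
    -> ($int_if)

# 2. Redirect from the LAN to the inside server.
rdr on $int_if inet proto tcp from $lan_net to $ext_addr port $svc_port \
    -> $server port $svc_port

# 3. Redirect from the outside to the inside server.
rdr on $ext_if inet proto tcp from any to $ext_addr port $svc_port \
    -> $server port $svc_port

# Filter rules (not shown) must still pass the redirected traffic on both
# interfaces; translation rules alone do not permit it.
```

With rule 1 in place, the server's logs show the gateway's inside address as the client for every LAN connection made through the outside address, so per-client attribution for those sessions has to come from the gateway's PF state or logs.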


