From: Juhani Tali
Date: Fri, 01 Oct 2004 09:51:49 +0300
To: miha@ghuug.org
cc: freebsd-isp@freebsd.org
cc: freebsd-net@freebsd.org
Subject: Re: confusion with natd

Mikhail P. wrote:
> HOST_A:
> FreeBSD, serves as gateway (NAT) for LAN (192.168.0.0/24)
> has two NICs:
> rl0 - internal (192.168.0.1)
> rl1 - external (connected to DSL modem), runs natd (natd -n rl1)
> net.inet.ip.forwarding=1
> openvpn from ports
>
> HOST_B:
> FreeBSD, remote host, single NIC, public IP.
> net.inet.ip.forwarding=1
> openvpn from ports

I would set it up like so:

This one in host B
> natd -interface rl1

And this in host A
> natd -port 8568 -interface tun0

You need to translate all the 192.168.0.x to the tunnel's address and you cannot do it in host B, because it has no direct connection to 192.168.0.x.

Another solution is with routing, so host B has direct access to the 192.168.0.x network.

> I have been pulling hair off my poor head for a few hours on this issue, but did
> not come to a solution, so I'm looking for advice.

Juhani Tali