From: "Paul T. Root" <ptroot@iaces.com>
To: stable@freebsd.org
Date: Mon, 21 Nov 2005 12:54:36 -0600
Message-ID: <438217EC.7010905@iaces.com>
Subject: tunnels through a NAT device
List-Id: Production branch of FreeBSD source code (freebsd-stable)

I sent this out Saturday from home, but it doesn't look like it went out...

-------- Original Message --------
Message-ID: <437FBAB2.9070907@iaces.com>
Date: Sat, 19 Nov 2005 17:52:18 -0600
From: Paul Root
To: freebsd-stable
Subject: tunnels through a NAT device

I'm trying to set up an encrypted tunnel between 2 FreeBSD machines.
Yesterday, I did get the tunnel up between two machines on the same network, and got it encrypted. Pretty easy following the handbook.

Now, I have a machine at home behind a DSL modem (Actiontec) that NATs everything. I've made the machine the DMZ host for the Actiontec, which basically passes all ports not otherwise directed to the machine.

The machines are both Sparcs. I'm using aliases for routing.

Internet machine:

hme0: flags=8843 mtu 1500
        options=b
        inet A.B.C.D netmask 0xffffffe0 broadcast A.B.C.Z
        inet6 fe80::a00:20ff:fec0:3fe1%hme0 prefixlen 64 scopeid 0x1
        inet 192.168.99.1 netmask 0xffffffff broadcast 192.168.99.1
        ether 08:00:20:c0:3f:e1
        media: Ethernet autoselect (10baseT/UTP)
        status: active
gif0: flags=8051 mtu 1280
        tunnel inet A.B.C.D --> E.F.G.H
        inet6 fe80::a00:20ff:fec0:3fe1%gif0 prefixlen 64 scopeid 0x3
        inet 192.168.99.1 --> 192.168.90.250 netmask 0xffffffff

Home NATed machine:

hme0: flags=8843 mtu 1500
        options=b
        inet6 fe80::a00:20ff:fec0:5061%hme0 prefixlen 64 scopeid 0x1
        inet 192.168.0.250 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.90.250 netmask 0xffffffff broadcast 192.168.90.250
        ether 08:00:20:c0:50:61
        media: Ethernet autoselect (100baseTX)
        status: active
gif0: flags=8051 mtu 1280
        tunnel inet E.F.G.H --> A.B.C.D
        inet6 fe80::a00:20ff:fec0:5061%gif0 prefixlen 64 scopeid 0x3
        inet 192.168.90.250 --> 192.168.99.1 netmask 0xffffffff

Now this works, exactly like this, on two machines that are not NATed.

E.F.G.H is the address of the DSL modem on the outside. I've tried setting the home machine's gif0 interface to both E.F.G.H and 192.168.0.250 going to A.B.C.D. Obviously, the internet machine has to point to E.F.G.H.

Should I set the alias of hme0 on the home machine to E.F.G.H? Is there a way to do this?

-- 
   ______    Paul T. Root
  / _  \    1977 MGB
 / /|| \\
 ||\/ ||  _
 | ||  || ||
 \ ||__//
  \______/
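The gif(4) configuration the thread is circling around, written out as an added example for both ends (this is not the poster's configuration and not from the FreeBSD handbook; it reuses the addresses from the post and the rc.conf variable names of that era's rc.d/netif, and its central assumption is that the NATed host's tunnel source must be the address it actually holds, 192.168.0.250, because the modem rewrites the outer source to E.F.G.H on the way out and, with the host as DMZ target, delivers inbound IP-in-IP packets to 192.168.0.250). The functions only emit the rc.conf fragments and the commands used to check the tunnel, so the script runs anywhere; the generated lines are meant for the two FreeBSD hosts:

```shell
#!/bin/sh
# Added example, not code from the original post. Emits rc.conf fragments for
# a gif(4) tunnel where one endpoint sits behind a NAT device. Assumption: the
# NATed host's tunnel source is its private address; the DSL modem SNATs it to
# E.F.G.H outbound and DNATs inbound IP-in-IP (protocol 4) to the DMZ host.

PUBLIC_OUTSIDE="A.B.C.D"        # internet machine, address on hme0
NAT_OUTSIDE="E.F.G.H"           # DSL modem's public address
NAT_INSIDE="192.168.0.250"      # home machine, address on hme0
PUBLIC_TUN="192.168.99.1"       # tunnel address, internet side
NAT_TUN="192.168.90.250"        # tunnel address, home side
HOME_LAN="192.168.0.0/24"       # network reachable through the tunnel

# rc.conf lines for the internet-side machine. Its peer is the modem's
# public address, since that is the outer source it sees on the wire.
rc_conf_public() {
    cat <<EOF
gif_interfaces="gif0"
gifconfig_gif0="$PUBLIC_OUTSIDE $NAT_OUTSIDE"
ifconfig_gif0="inet $PUBLIC_TUN $NAT_TUN netmask 255.255.255.255"
static_routes="homelan"
route_homelan="-net $HOME_LAN $NAT_TUN"
EOF
}

# rc.conf lines for the NATed machine. The tunnel source is the private
# address, not E.F.G.H: after the modem's DNAT, inbound outer packets arrive
# with destination 192.168.0.250, which is what gif(4) matches against.
rc_conf_nated() {
    cat <<EOF
gif_interfaces="gif0"
gifconfig_gif0="$NAT_INSIDE $PUBLIC_OUTSIDE"
ifconfig_gif0="inet $NAT_TUN $PUBLIC_TUN netmask 255.255.255.255"
EOF
}

# Commands to run by hand once both sides are up: watch the encapsulated
# packets on the real interface (IP protocol 4 carries the gif payload),
# then ping the far tunnel address from the internet-side machine.
verify_commands() {
    cat <<EOF
tcpdump -n -i hme0 ip proto 4
ping -c 3 $NAT_TUN
EOF
}

# Print everything when run directly.
if [ "${0##*/}" != "sh" ]; then
    echo "# internet machine /etc/rc.conf"; rc_conf_public
    echo "# home (NATed) machine /etc/rc.conf"; rc_conf_nated
    echo "# verification"; verify_commands
fi
```

Two caveats a practitioner would check before blaming gif(4): the DMZ-host setting must really forward protocol 4, since IP-in-IP has no port for a port-forward rule to match, and the tcpdump above shows immediately whether the outer packets reach the home machine at all. If the encryption layer is IPsec, AH cannot cross the NAT because it authenticates the outer IP header, and ESP only survives it with UDP encapsulation (NAT-T, UDP 4500); the home side's policies must then name 192.168.0.250, not E.F.G.H, as its own address.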