From owner-freebsd-questions  Sun Aug 12 16:39:10 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from cody.jharris.com (cody.jharris.com [205.238.128.83])
	by hub.freebsd.org (Postfix) with ESMTP id 1EDF537B401
	for <questions@FreeBSD.ORG>; Sun, 12 Aug 2001 16:39:03 -0700 (PDT)
	(envelope-from nick@rogness.net)
Received: from localhost (nick@localhost)
	by cody.jharris.com (8.11.1/8.9.3) with ESMTP id f7CNd1M20976;
	Sun, 12 Aug 2001 18:39:01 -0500 (CDT)
	(envelope-from nick@rogness.net)
Date: Sun, 12 Aug 2001 18:39:00 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
X-Sender: nick@cody.jharris.com
To: William Ward <wardd@d1c47d61.gw206.dsl.airmail.net>
Cc: questions@FreeBSD.ORG
Subject: Re: natd and aliases on same interface
In-Reply-To: <20010811185447.B491@d1c47d61.gw206.dsl.airmail.net>
Message-ID: <Pine.BSF.4.21.0108121835580.5608-100000@cody.jharris.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Sat, 11 Aug 2001, William Ward wrote:

> How can I tell natd not to divert an alias when trying to communicate
> on my local area network?
> 
> I'm sure this is a common problem so I won't go into too much detail.
> 
> I have four machines connected to the ports on my DSL router.  I'm
> using one machine with nat to connect the other three machines to the
> internet. The problem is caused because I have two subnets on the same
> interface and nat translates the alias to the public IP address before
> going out over the local area network.
> 
> This is what I would like to avoid:
> 
> toaster% telnet 10.0.0.25
> ...
> sawdust% who am i
> wardd    ttyp2    Nov 22 07:33  (128.1.1.2)
>                                  ^^^^^^^^^ this!
> 
> I would much rather the other box see the 10.x address instead.
> 
> d1c47d61# ifconfig dc0
> dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 128.1.1.2 netmask 0xffffffc0 broadcast 128.1.1.0
>         inet6 XXXX::XXX:XXXX:XXXX:XXXX%dc0 prefixlen 64 scopeid 0x1 
>         inet 10.0.0.11 netmask 0xffffff00 broadcast 10.0.0.255
>         ether XX:XX:XX:XX:XX:XX 
>         media: Ethernet autoselect (100baseTX)
>         status: active
> 
> d1c47d61# ipfw list
> 00050 divert 8668 ip from any to any via dc0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 65000 allow ip from any to any
> 65535 deny ip from any to any

	This is done with the firewall rules, not natd:


	ipfw add 40 allow ip from 10.0.0.0/24 to 10.0.0.0/24



Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message