Date: Sun, 26 Oct 2003 03:34:58 +0100
From: Nils Vogels <nivo+sender+8eb026@yuckfou.org>
To: freebsd-net@freebsd.org
Subject: Re: Reverse IP NAT to secondary IP address
Message-ID: <3F9B32D2.7080804@yuckfou.org>
In-Reply-To: <1067128348.400238.16844.nullmailer@cicuta.babolo.ru>
References: <1067128348.400238.16844.nullmailer@cicuta.babolo.ru>

"."@babolo.ru wrote:

>configure port with SNMP-server as 192.168.0.17/30 for example
>instead of 192.168.2.1/24, and
>sysctl net.link.ether.inet.proxyall=1
>
>and configure SNMP-server as 192.168.0.18/24
>
>If you can change mask of SNMP-server, you can
>use 192.168.0/24 and 192.168.1/24 on gateway
>and 192.168.0/25 on SNMP-server.
>
>No NAT is needed.
>

I just tried this, but unfortunately, the same thing happens as with ipfilter: The primary address of the interface ed0 on the gateway (the public address) is used to forward the arp request.

Taken from a dump on the gateway, when attempting telnet:

Incoming on rl0:
03:35:05.867883 192.168.0.2.1511 > 192.168.2.2.23: S 1377718084:1377718084(0) win 57344 <mss 1460> (DF) [tos 0x10]

Outgoing on ed0:
03:35:05.868333 195.0.0.1.15009 > 192.168.2.2.23: S 1377718084:1377718084(0) win 57344 <mss 1460> (DF) [tos 0x10]

Since 195.0.0.1 (obviously obfuscated) does not fall within the subnet the 192.168.2.2 box is on, there will never be a reply from the 192.168.2.2 box.

ARP proxying goes fine, on the WWW box, I can see the proxied reply coming from my gateway for the 192.168.1.1 address .....

Can anyone tell me how I can make the box use the secondary address (alias) automatically for forwarding the telnet session? Could it be that since the gateway is running many-to-one NAT as well, this is conflicting?

Greetings,

Nils.