From: Paul Webster
Date: Tue, 13 Mar 2018 18:17:31 +0000
Subject: Re: NAT possible with single interface box?
To: Rick van der Zwet
Cc: Ultima, freebsd-pf@freebsd.org

Depending on what you need it for, an easy hack would be running an OpenVPN or other VPN server; then you can just NAT out from that.

On 12 March 2018 at 22:50, Rick van der Zwet wrote:
> On 2018-03-12 15:32, Ultima wrote:
>> Please provide netstat -nr. If you have more in pf.conf, please provide
>> this too.
>
> Thanks for the suggestion, it made me think again.
>
> I recreated the setup with different network settings for easier testing:
> - em0 instead of sis0
> - 192.168.178.181/24 instead of 192.168.1.10/24
> - gateway 192.168.178.1 instead of 192.168.1.1
>
> root@vbsd11:~ # uname -a
> FreeBSD vbsd11.vanderzwet.net 11.0-RELEASE-p9 FreeBSD 11.0-RELEASE-p9 #0: Tue Apr 11 08:42:58 UTC 2017 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>
> root@vbsd11:~ # netstat -nr -f inet
> Routing tables
>
> Internet:
> Destination        Gateway            Flags     Netif Expire
> default            192.168.178.1      UGS         em0
> 127.0.0.1          link#2             UH          lo0
> 172.16.0.0/24      link#1             U           em0
> 172.16.0.1         link#1             UHS         lo0
> 192.168.178.0/24   link#1             U           em0
> 192.168.178.181    link#1             UHS         lo0
>
> root@vbsd11:~ # cat /etc/pf.conf
> nat on em0 inet from 172.16.0.0/24 to !172.16.0.0/24 -> 192.168.178.181
>
> root@vbsd11:~ # cat /etc/rc.conf
> hostname="vbsd11.vanderzwet.net"
> sshd_enable="YES"
> ntpd_enable="YES"
>
> ifconfig_em0="192.168.178.181/24"
> ifconfig_em0_alias0="172.16.0.1/24"
>
> defaultrouter="192.168.178.1"
> gateway_enable="YES"
>
> pf_enable="YES"
> pf_rules="/etc/pf.conf"
>
> Looking at tcpdump on the router I now see packets being translated:
> root@vbsd11:~ # tcpdump -ni em0 icmp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 00:11:25.758323 IP 172.16.0.10 > 192.168.178.1: ICMP echo request, id 6976, seq 96, length 64
> 00:11:25.758435 IP 192.168.178.181 > 192.168.178.1: ICMP echo request, id 57418, seq 96, length 64
> 00:11:25.758880 IP 192.168.178.1 > 192.168.178.181: ICMP echo reply, id 57418, seq 96, length 64
> 00:11:25.758950 IP 192.168.178.1 > 172.16.0.10: ICMP echo reply, id 6976, seq 96, length 64
>
> In hindsight, the simplified example was in fact working; the problem was
> caused by blocking firewall rules further down the script.
>
> Best regards,
> -Rick
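As an added example (not part of the thread or Rick's actual ruleset), here is a complete pf.conf for the single-interface setup above that shows where filter rules placed after the nat rule go wrong: with a single interface, both legs of the flow (the untranslated packet arriving on em0 and the translated packet leaving em0) must be passed, or a default block further down silently drops what the nat rule already translated. Addresses are the ones from Rick's test; the macro names are my own.

```pf
# Single-interface NAT router: em0 carries 192.168.178.181/24 and the
# alias 172.16.0.1/24, and the 172.16.0.0/24 hosts use 172.16.0.1 as gateway.
ext_if  = "em0"
nat_ip  = "192.168.178.181"
lan_net = "172.16.0.0/24"

set skip on lo0

# Translation is applied before filtering, so the "pass out" rule below
# sees the translated source (192.168.178.181), not the 172.16.0.x origin.
nat on $ext_if inet from $lan_net to !$lan_net -> $nat_ip

# Default deny. On its own this is the failure mode from the thread:
# tcpdump still shows the nat rule rewriting the packet, but the block
# rule drops it because no pass rule covers both legs on em0.
block log all

# Leg 1: untranslated packet from a LAN host arriving on em0.
pass in quick on $ext_if inet from $lan_net to !$lan_net keep state

# Leg 2: the same packet leaving em0 after translation. The state created
# here also matches the reply from 192.168.178.1 coming back in on em0.
pass out quick on $ext_if inet from $nat_ip keep state

# LAN hosts talking to the router itself (e.g. ssh to 172.16.0.1).
pass in quick on $ext_if inet proto tcp from $lan_net to $ext_if port 22 keep state
pass in quick on $ext_if inet proto icmp from $lan_net to $ext_if keep state

# The router's own outbound traffic (ntpd, package fetches).
pass out quick on $ext_if inet from $ext_if keep state
```

Validate the file without loading it with `pfctl -nf /etc/pf.conf`; after loading, `pfctl -sn` and `pfctl -sr` print the translation and filter rules as pf parsed them, and `pfctl -ss` shows whether both legs actually created state.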