From: "Mikhail P."
Organization: Ghana Unix Users Group
To: Juhani Tali
cc: freebsd-isp@freebsd.org
cc: freebsd-net@freebsd.org
Date: Fri, 1 Oct 2004 07:11:24 +0000
Subject: Re: confusion with natd

On Friday 01 October 2004 06:51, Juhani Tali wrote:
> I would set it up like so:
>
> This one in host B
>
> > natd -interface rl1
>
> And this in host A
>
> > natd -port 8568 -interface tun0
>
> You need to translate all the 192.168.0.x to tunnel's address and you
> cannot do it in host B, because it has no direct connection to 192.168.0.x.

Did not quite understand what you meant here. I can translate
192.168.0.0/24 into the tunnel, but as my original message states, only
packets to HOST_A fall into that route; any other packets (even ipfw has
"ip from 192.168.0.3 to any") travel out the regular way (not via tun0).
That's the most confusing part ("any" != "any"), and I'm stuck there.

HOST_B (which is seen as "192.168.0.1" to the LAN) has a direct connection
to 192.168.0.x, and basically it acts as a gateway for 192.168.0.x, so I
dance from there.

> Another solution is with routing, so host B has direct access to the
> 192.168.0.x network.

Tried that already as - on HOST_A (remote host) -

    route add 192.168.0.0/24 192.168.10.2

After that, I can ping 192.168.0.x directly (no NAT) from the remote VPN
host and backwards. This, however, does not change anything apart from
giving me direct access to "HOST_A <<-->> 192.168.0.0/24".

>
> > I have been pulling hair off my poor head for a few hours on this issue,
> > but did not come to a solution, so I'm looking for advice.
>
> Juhani Tali

regards,
M.