Date: Thu, 16 Dec 2004 18:05:28 -0800
From: "Andrew Heyn" <aheyn@jmsent.com>
To: <freebsd-net@freebsd.org>
Subject: bridging, ipf
Message-ID: <CLELJKHKLJLNMNHGHFIDOEBNCAAA.aheyn@jmsent.com>

Hi,

Here is my setup:

fxp0: no ip -> switch -> (computer with ip: 200.200.200.147, gateway 200.200.200.145)
  ^
  | bridged
  |
  \/
fxp1: 200.200.200.146, 148, 149, 150 -> <isp gateway 200.200.200.145> -> (internet)
  ^
  ipf/ipnat
  |
  \/
fxp2: 192.168.1.1 -> switch -> lots of computers with 192.168.1.x addresses (all use 192.168.1.1 as gw)

Computers on fxp2 have no problem accessing the internet, and neither does 200.200.200.147... I am at a loss, though, at how to get a request from 192.168.1.x to successfully be natted with the public ip on fxp1 (200.200.200.145) and access 200.200.200.147. There's no access to the bridged computer from the natted computers, and I don't know how to make it work.

It seems that http://www.moatware.com/support/docbook/faq-bridge.html documents this problem and it has to do with ipnat in processing the packets returning from 200.200.200.147 on fxp0, which has no IP. Is there a rule to ipnat I can add to make the lookups on the returning packets successful, or another way to make it work?

Would this setup also allow the natted computers to access the bridged computer by its public ip?

fxp0: no ip -> switch -> computer with public ip
  ^
  | bridged
  |
  \/
fxp1: no ip -> switch -> cat5 from ISP
fxp2: public ip -> connected to switch fxp1 is
  ^
  | ipf/ipnat
  \/
fxp3: 192.168.1.1 -> switch -> internal computers

I want all traffic to go through this one machine so accounting and other filtering/limiting can be done... all through one computer.

Thanks,
Andrew