From owner-freebsd-net Tue May 4 3:14:38 1999
Delivered-To: freebsd-net@freebsd.org
Received: from nomad.dataplex.net (nomad.dataplex.net [216.140.184.132])
        by hub.freebsd.org (Postfix) with ESMTP id 25D2014D54
        for ; Tue, 4 May 1999 03:14:35 -0700 (PDT)
        (envelope-from rkw@dataplex.net)
Received: from localhost (rkw@localhost)
        by nomad.dataplex.net (8.9.2/8.9.2) with ESMTP id FAA11426;
        Tue, 4 May 1999 05:14:19 -0500 (CDT)
        (envelope-from rkw@dataplex.net)
X-Authentication-Warning: nomad.dataplex.net: rkw owned process doing -bs
Date: Tue, 4 May 1999 05:14:19 -0500 (CDT)
From: Richard Wackerbarth
Reply-To: rkw@dataplex.net
To: Thomas Uhrfelt
Cc: "'freebsd-net@freebsd.org'"
Subject: Re: SV: routing over Inet with FreeBSD 3.1R/S
In-Reply-To: <01BE9606.90D23CE0.thomas.uhrfelt@plymovent.se>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 4 May 1999, Thomas Uhrfelt wrote:

> > Thomas Uhrfelt wrote:
> > >
> > > I have a question about routing "homenets" via Internet, here comes
> > > a description of my 'thought' out configuration.
> > >
> > > [C1:1-o] <---> [i-C1-o] <--Internet--> [o-C2-i] <---> [o-C2:1]
> > >
> > > C1 and C2 are routers/firewalls on completely different geographic
> > > sites, C1:1 and C2:1 simulates workstations within the buildings
> > > behind the firewall.
> > >
> > > -o Outside interface
> > > -i Inside interface
> > >
> > > IPs
> > > ---
> > > C1:1-o 192.168.1.100
> > > C1-i   192.168.1.1
> > > C1-o   36.100.100.1 (public IP)
> > > C2-o   37.100.100.1 (public IP)
> > > C2-i   192.168.10.1
> > > C2:1-o 192.168.10.100
> > >
> > > With these routing tables will a packet from C1:1 be able to use
> > > for example telnet 192.168.10.100 to address the computer C2:1
> > > directly, as in will the packet be routed through the net correctly?
> >
> > No, you're not allowed to place 192.168.x.x addresses on the public
> > internet, that's why they're called PRIVATE addresses. If you make
> > your routers do Network Address Translation you can accomplish
> > this, depending on the size of the two private networks.
>
> I am performing NAT, but my problem is that I need to be able to
> address some of the "inside" computers on the C2 net directly without
> having a public IP, how can I accomplish that? I do know that 192
> addresses are private, but since I route them directly to my other
> private network that shouldn't pose a problem or?

Encapsulate the private network packets with a tunnel between the
firewalls (or to designated machines behind the firewall). That will
make it appear that the global internet is bypassed and the firewalls
are only one hop apart.
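
One possible form of the tunnel suggested in the reply, sketched as plain IPv4-in-IPv4 encapsulation (RFC 2003) with the addresses from the thread. This is an added example, not code from the original message; the function names and the stand-in payload are assumptions, and plain IP-in-IP provides neither encryption nor authentication of the peer.

```python
import ipaddress
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6  # protocol 4 = IPv4-in-IPv4 (RFC 2003)

def checksum(header: bytes) -> int:
    """RFC 1071 ones' complement checksum over 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Prepend a minimal 20-byte IPv4 header (no options) to payload."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           ttl, proto, csum,
                           ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return header(checksum(header(0))) + payload

def parse(packet: bytes):
    """Return (src, dst, proto, payload); reject malformed headers."""
    if len(packet) < 20 or packet[0] != 0x45:
        raise ValueError("expected an option-less IPv4 header")
    if checksum(packet[:20]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= total_len <= len(packet):
        raise ValueError("bad total length")
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, packet[9], packet[20:total_len]

def encapsulate(inner: bytes, local_pub: str, peer_pub: str) -> bytes:
    """On C1: wrap the private packet so Internet routers see only public IPs."""
    return ipv4_packet(local_pub, peer_pub, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes, expected_peer: str) -> bytes:
    """On C2: take tunnel packets only from the configured peer, unwrap."""
    src, _dst, proto, payload = parse(outer)
    if proto != IPPROTO_IPIP or src != expected_peer:
        raise ValueError("not tunnel traffic from the configured peer")
    parse(payload)  # the inner packet must itself be valid IPv4
    return payload

# Constructed sample: C1:1 sends a stand-in payload to C2:1 through the tunnel.
INNER = ipv4_packet("192.168.1.100", "192.168.10.100", IPPROTO_TCP, b"telnet-segment")
OUTER = encapsulate(INNER, "36.100.100.1", "37.100.100.1")
```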