Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 10 May 2005 01:21:32 +0400
From:      Denis Medvedev <medvedev_denis@mail.ru>
To:        freebsd-questions@freebsd.org
Subject:   Re[2]: NAT with two different alias addresses. Is it possible?
Message-ID:  <E1DVFgy-000GXl-00.medvedev_denis-mail-ru@f31.mail.ru>
next in thread | raw e-mail | index | archive | help 
> Am Montag, 9. Mai 2005 22:29 schrieb Денис Медведев:
>> Hello, everybody!
>>
>> I've just installed freeBSD 5.3 on my old computer to make it NAT
>> router for internet sharing. The example is classical: two machines in
>> my internal network and one IP from provider. Except one moment - my
>> internet connection is established through PPPoE. So my unix has 3
>> network interfaces:
>>   rl0 - provider's network 10.10.54.107/16
>>   tun0 - pppoe (through rl0 of course). Here my IP is 192.168.54.107
>>   rl1 - my internal network 172.16.0.1/24 (do not laugh i've made it
>>         for difference)
>>
>> NAT has alias address 192.168.54.107, and internet connection works
>> perfectly. BUT there are a lot of resources in 10.10.54.107/16
>> network I can't get access from my internal machines. I think address
>> translation to 10.10.54.107 could help. Or not? Maybe it is possible
>> to launch second NATd for this interface?

> Hmm, I don't know if I understood correctly but you don't need to NAT if
> you want to route from 172.16.0/24 to 10.10/16. Just NAT anything on tun0
> from !192.168.54.107 to any. (And make sure gateway_enable="YES", resp.
> net.inet.ip.forwarding=1)
> You don't tell us whether you use IPFW, IPF or PF, but at least for the
> latter two you could define more than one NAT rule!

> -Harry

I use IPFW,
and the rules are the following:
divert nat ip from {172.16.0.5 or 172.16.0.7} to any out via tun0
divert nat ip from any to any in via tun0
allow ip from {172.16.0.5 or 172.16.0.7} to any in via rl1 keep-state
allow ip from 192.168.54.107 to any out via tun0 keep-state
deny ip from any to any

Generally, i want 172.16.0.7 to see MS windows network (10.10/16) as a client.


WBR
 Denis                          mailto:medvedev_denis@mail.ru

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1DVFgy-000GXl-00.medvedev_denis-mail-ru>