From owner-freebsd-questions@FreeBSD.ORG Mon May 9 21:21:33 2005
From: Denis Medvedev
To: freebsd-questions@freebsd.org
Reply-To: Denis Medvedev
Date: Tue, 10 May 2005 01:21:32 +0400
Subject: Re[2]: NAT with two different alias addresses. Is it possible?
List-Id: User questions

> On Monday, 9 May 2005 22:29, Денис Медведев wrote:
>> Hello, everybody!
>>
>> I've just installed FreeBSD 5.3 on my old computer to make it NAT
>> router for internet sharing. The example is classical: two machines in
>> my internal network and one IP from provider. Except one moment - my
>> internet connection is established through PPPoE. So my unix has 3
>> network interfaces:
>> rl0 - provider's network 10.10.54.107/16
>> tun0 - pppoe (through rl0 of course). Here my IP is 192.168.54.107
>> rl1 - my internal network 172.16.0.1/24 (do not laugh I've made it
>> for difference)
>>
>> NAT has alias address 192.168.54.107, and internet connection works
>> perfectly.
>> BUT there are a lot of resources in 10.10.54.107/16
>> network I can't get access from my internal machines. I think address
>> translation to 10.10.54.107 could help. Or not? Maybe it is possible
>> to launch second NATd for this interface?
>
> Hmm, I don't know if I understood correctly but you don't need to NAT if
> you want to route from 172.16.0/24 to 10.10/16. Just NAT anything on tun0
> from !192.168.54.107 to any. (And make sure gateway_enable="YES", resp.
> net.inet.ip.forwarding=1)
> You don't tell us whether you use IPFW, IPF or PF, but at least for the
> latter two you could define more than one NAT rule!
> -Harry

I use IPFW, and the rules are the following:

    divert nat ip from {172.16.0.5 or 172.16.0.7} to any out via tun0
    divert nat ip from any to any in via tun0
    allow ip from {172.16.0.5 or 172.16.0.7} to any in via rl1 keep-state
    allow ip from 192.168.54.107 to any out via tun0 keep-state
    deny ip from any to any

Generally, I want 172.16.0.7 to see MS windows network (10.10/16) as a client.

WBR
Denis
mailto:medvedev_denis@mail.ru
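
Added example, not part of the original message or of either poster's configuration: one way to run the second natd asked about in the thread, written as a dry-run shell script that prints the commands instead of executing them. It restates the five posted rules with natd's default divert port 8668 and adds a matching leg for rl0 that aliases only 172.16.0.7 toward 10.10.0.0/16. The rule numbers, divert port 8669, the comma-separated host list, the RUN variable and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Prints the commands by default;
# run with RUN= (empty) as root on the router to execute them.
RUN="${RUN-echo}"

HOSTS="172.16.0.5,172.16.0.7"   # inside clients named in the posted rules
LAN_CLIENT="172.16.0.7"         # the one host that should reach 10.10/16

# nat_leg RULE PORT IFACE ALIAS SRC DST
# One natd per outside interface, each listening on its own divert port,
# plus the outbound/inbound divert pair and the stateful allow for that leg.
# RULE, PORT and the +10/+500 offsets are constructed values (assumptions).
nat_leg() {
    rule=$1; port=$2; ifc=$3; alias=$4; src=$5; dst=$6
    $RUN natd -p "$port" -a "$alias"
    # Outbound: rewrite the inside source address to this leg's alias.
    $RUN ipfw add "$rule" divert "$port" ip from "$src" to "$dst" out via "$ifc"
    # Inbound: let the same natd map replies back to the inside host.
    $RUN ipfw add $((rule + 10)) divert "$port" ip from any to any in via "$ifc"
    # After aliasing, the packet leaves with the alias as its source.
    $RUN ipfw add $((rule + 500)) allow ip from "$alias" to any out via "$ifc" keep-state
}

build_ruleset() {
    # Internet leg over PPPoE, as in the posted rules (8668 = natd default).
    nat_leg 100 8668 tun0 192.168.54.107 "$HOSTS" any
    # Provider LAN leg: second natd on its own port, limited to 10.10/16.
    nat_leg 200 8669 rl0 10.10.54.107 "$LAN_CLIENT" 10.10.0.0/16
    # Inside clients entering on rl1, then default deny, as posted.
    $RUN ipfw add 500 allow ip from "$HOSTS" to any in via rl1 keep-state
    $RUN ipfw add 65000 deny ip from any to any
}

build_ruleset
```

Because each divert rule names its own port, traffic leaving via rl0 never reaches the tun0 natd, so the two alias tables stay separate.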