From: James Bakner
Date: Mon, 13 Nov 2006 15:11:09 -0500
To: questions@freebsd.org
Subject: using ipfw for NAT mapping in a 1:1 fake:real IPs for VPN

Hi,

I have a pretty complicated setup currently and am trying to figure out exactly how to implement it. I'm pretty unfamiliar with FreeBSD; the last incarnation I used was 4.3, and I only used it for a few months before moving to Linux.

I have a VPN setup for an IP range 10.0.0.1-10.0.0.255 for clients connecting using OpenVPN. Now I am handling NAT for these up to 5 IPs. I have 5 real IPs that are allocated to the machine that the VPN server runs on (OpenVPN). I need each client to have a real and unique IP, although not from the client's viewpoint.

From my understanding, I would get OpenVPN to give out IPs 10.0.0.1-10.0.0.5. I would then set up, rather than a standard NAT for like 192.168.0.0/24 through A.B.C.D (single real IP), I would now set up

    nat 10.0.0.1 through A.B.C.D
    nat 10.0.0.2 through A.B.C.E
    etc

Does this make sense and am I missing something? These would be going through BSD's tun-type device.

Thanks,
-James
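
The 1:1 mapping asked about above, sketched with natd's static NAT directive and an ipfw divert rule. This is an added example, not part of the original message. The interface names em0 (outside) and tun0 (OpenVPN), the rule numbers, and the 203.0.113.x addresses standing in for A.B.C.D, A.B.C.E and so on are assumptions.

```conf
# ---- /etc/natd.conf  (started as: natd -f /etc/natd.conf) ----
# Prerequisites: divert support in the kernel (options IPDIVERT or the
# ipdivert module), gateway_enable="YES" in /etc/rc.conf, and all five
# public addresses already configured as aliases on em0 (assumed name).
interface em0
use_sockets yes
same_ports yes

# redirect_address <tunnel address> <public address>
# Static NAT: outbound packets from the tunnel address leave with the
# public address as source, and inbound packets for the public address
# are delivered to the tunnel address. One line per client keeps the
# mapping strictly 1:1. Public addresses below are constructed samples.
redirect_address 10.0.0.1 203.0.113.11
redirect_address 10.0.0.2 203.0.113.12
redirect_address 10.0.0.3 203.0.113.13
redirect_address 10.0.0.4 203.0.113.14
redirect_address 10.0.0.5 203.0.113.15

# ---- /etc/ipfw.rules  (loaded as: ipfw /etc/ipfw.rules) ----
add 100 allow ip from any to any via lo0

# A tunnel source with no redirect_address line would be aliased to the
# primary address of em0 and share it with the host. Drop it instead,
# so every translated flow is attributable to exactly one client.
add 200 deny ip from not 10.0.0.0/24{1-5} to any in recv tun0

# Tunnel-range sources must never arrive from the outside interface.
add 300 deny ip from 10.0.0.0/24 to any in recv em0

# Hand everything crossing the outside interface to natd.
add 400 divert natd ip from any to any via em0

# Placeholder policy: replace with the site's real filtering rules.
add 65000 allow ip from any to any
```

Because redirect_address also forwards unsolicited inbound traffic to the mapped client, each client is as exposed as a host sitting directly on its public address; filter after the divert rule if that is not intended.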