Date: Sat, 07 Jun 2014 10:34:39 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-net@freebsd.org Subject: Re: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ? Message-ID: <5392DCAF.8090302@FreeBSD.org> In-Reply-To: <1402122166.37214.YahooMailNeo@web162101.mail.bf1.yahoo.com> References: <1402122166.37214.YahooMailNeo@web162101.mail.bf1.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ShQTA79DVmQTirs9tTCF4u9HJPFGUB5Cu Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 07/06/2014 07:22, None Secure via freebsd-net wrote: > BUT, what if my ISP is giving me a private IP, and my internal > network is also private IPs ? External gateway address is > 192.168.1.2 and internal gateway address is 10.10.10.1 ... the ONLY > way I could make this work is with natd and ipfw divert rules. >=20 > My question is: is it possible to have a network of non-routable > IPs, and a gateway with non-routable Ips on internal and external > interfaces, and NOT use natd/divert ? Can it be done with no ipfw > rules at all, just like I used to ? Sure, it's possible, in theory. It just depends on whether your ISP's kit will NAT for your 10.10.10.1 range as well as the 192.168.1.2 address they've assigned to you. Which I doubt -- the ISP kit is probably only going to do the minimum necessary to provide service so that it can support the maximum possible number of customers. However, running your own NAT gateway between 192.168.1.2 and 10.10.10.1 shouldn't be a problem. You can NAT multiple times between where you are and the Internet usually with no worse consequence than a bit of extra latency on your traffic. Cheers, Matthew PS. Roll on IPv6. None of this Heath-Robinsonesq NAT on top of NAT is necessary in an IPv6 world. --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --ShQTA79DVmQTirs9tTCF4u9HJPFGUB5Cu Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTkty4XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATvPYP/1DbnGNbodSyDzg3DJxv+Qtp Ldry3WvH4n9GEn7hiRqibvXxd8ro6JMc5Bo2Y4tH1CZqmMWrGlZkVRb+/7KaX+OY ZpmfbDmAnnDLcnWGp6ulaPRv8Hat5zDzUy1uGr27A/qg2obRIWGUs1COzxkd+cMl e3h24FR4muy80QqxoViVAufUIjzbDoWOplAPMlV1LBvPl1X9l3B+mgiQrDlwTjWI 6CHpdKRekMRP9Tzs9N6kgWEkvmiaWWrF+Us/jfNaykji4Lm68318vsSp5RQ3fcuT hRYvnLVrXT3U/ozgFZa1xixs5oFC3Ng4YaYLnmpIgfcg7zEAfkj+atoIrvKtKSvz hJQK4pBVr7b+tO8NT6W6zPWnKEfe7zo1No/gSIEoZ71wf8UWiWXHXNhG1c3J8vT7 WGFvSpk5dGoFv3dS+KvPJyJNtvjaNquPM221fSuF5VB/OaZYi2AQzznGG7EuQCyW jIBznbIRNgJmC/sFW+3feyrnN3r5AQ/AEDGWnHszhRolo9BQ8mWkqY27K6BjP0rr l/cawuXoqcE2520xQBVEkuQ8x+5oU+fKNMMDqzHMTEhW0BTUuSBE15MdOxIFrtBx M6JP3uPO9kmOUk76gf9fC3LUBT+oMNL2ZD4cy+AAOpzb9/syN+MQEFdcFiMKSw1b 1mPig8BKmbFMKRZ8Eea+ =Zk6j -----END PGP SIGNATURE----- --ShQTA79DVmQTirs9tTCF4u9HJPFGUB5Cu--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5392DCAF.8090302>