Date:      Sat, 7 Jun 2014 09:48:39 -0700 (PDT)
From:      None Secure <none_secure@yahoo.com>
To:        Erich Dollansky <erich@alogt.com>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?
Message-ID:  <1402159719.88183.YahooMailNeo@web162105.mail.bf1.yahoo.com>
In-Reply-To: <20140607144043.3d4be435@X220.alogt.com>
References:  <1402122166.37214.YahooMailNeo@web162101.mail.bf1.yahoo.com> <20140607144043.3d4be435@X220.alogt.com>


Yes, but in this case BOTH IPs of the gateway - both the external and the internal interfaces - are non-routable IPs, and so is my ISP cable modem.

192.168.1.1 is the cable modem
192.168.1.2 is external interface of my FreeBSD
10.10.10.1 is internal interface of my FreeBSD

... and my client (10.10.10.2) could not get through to the outside world using just plain old gateway_enable=yes.  The configuration that always works with real IPs did not work with this.

So, I followed the FreeBSD handbook which uses divert and natd, and it worked perfectly.

No, I am not trying to access the internal systems from the outside world - I don't have a need for that.

BUT, I am wondering if it is any way possible to run a gateway like this *without* divert and natd ?

Thanks.


On Friday, June 6, 2014 11:40 PM, Erich Dollansky <erich@alogt.com> wrote:
 


Hi,


On Fri, 6 Jun 2014 23:22:46 -0700 (PDT)
None Secure via freebsd-net <freebsd-net@freebsd.org> wrote:

> BUT, what if my ISP is giving me a private IP, and my internal
> network is also private IPs ?  External gateway address is
> 192.168.1.2 and internal gateway address is 10.10.10.1 ... the ONLY
> way I could make this work is with natd and ipfw divert rules.
> 
> My question is:  is it possible to have a network of non-routable
> IPs, and a gateway with non-routable IPs on internal and external
> interfaces, and NOT use natd/divert ?  Can it be done with no ipfw
> rules at all, just like I used to ?
> 
What should be the problem? I did some time ago when the ISP gave us
only a single IP address. The local machines connected to the gateway,
the gateway connected via a second interface to the ISP.

Of course, only the gateway was visible from outside. If you want to
access the internal machines from outside, you will need NAT.

Erich

Date: Sat, 7 Jun 2014 12:56:24 -0400
Subject: Re: Can you create a FreeBSD gateway, with private IPs, without
 NAT/divert ?
From: Adrian Chadd <adrian@freebsd.org>
To: None Secure <none_secure@yahoo.com>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>,
 Erich Dollansky <erich@alogt.com>


On 7 June 2014 12:48, None Secure via freebsd-net
<freebsd-net@freebsd.org> wrote:
> Yes, but in this case BOTH IPs of the gateway - both the external and the internal interfaces - are non-routable IPs, and so is my ISP cable modem.
>
> 192.168.1.1 is the cable modem
> 192.168.1.2 is external interface of my FreeBSD
> 10.10.10.1 is internal interface of my FreeBSD
>
> ... and my client (10.10.10.2) could not get through to the outside world using just plain old gateway_enable=yes.  The configuration that always works with real IPs did not work with this.
>
> So, I followed the FreeBSD handbook which uses divert and natd, and it worked perfectly.
>
> No, I am not trying to access the internal systems from the outside world - I don't have a need for that.
>
> BUT, I am wondering if it is any way possible to run a gateway like this *without* divert and natd ?

There's in-kernel natd these days.

There's also pf and ipfilter.


-a
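
An added example, not part of the original thread and not any poster's own configuration: a minimal pf.conf for the pf option named in the reply above, translating the 10.10.10.0/24 LAN to the gateway's external address so the cable modem only ever sees 192.168.1.2. The interface names em0 and em1 are assumptions; the addresses are the ones given in the thread.

```conf
# /etc/pf.conf  (added example; interface names are assumptions)
#
# Also needed in /etc/rc.conf:
#   gateway_enable="YES"    # packet forwarding, as already used in the thread
#   pf_enable="YES"         # load this ruleset at boot

ext_if  = "em0"             # assumed name: external NIC, 192.168.1.2
int_if  = "em1"             # assumed name: internal NIC, 10.10.10.1
int_net = "10.10.10.0/24"   # internal network from the thread

# Do not filter loopback traffic.
set skip on lo0

# Translation: rewrite the source of LAN traffic leaving via the external
# interface to that interface's current address. No natd process and no
# ipfw divert rule is involved; pf does the rewrite in the kernel.
nat on $ext_if inet from $int_net to any -> ($ext_if)

# Drop packets that claim an internal source address but arrive on
# another interface.
antispoof quick for $int_if

# Default deny inbound. The poster does not need the internal systems
# reachable from outside, so nothing is forwarded in from $ext_if.
block in all

# Let the LAN reach the gateway and the outside world.
pass in on $int_if inet from $int_net to any

# Outbound traffic is allowed; pf keeps state by default, so replies to
# these connections are matched and translated back automatically.
pass out all
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` and `pfctl -s state` show the active translation rule and the translated connections once it is loaded.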


