Date: Sat, 7 Jun 2014 09:48:39 -0700 (PDT) From: None Secure <none_secure@yahoo.com> To: Erich Dollansky <erich@alogt.com> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ? Message-ID: <1402159719.88183.YahooMailNeo@web162105.mail.bf1.yahoo.com> In-Reply-To: <20140607144043.3d4be435@X220.alogt.com> References: <1402122166.37214.YahooMailNeo@web162101.mail.bf1.yahoo.com> <20140607144043.3d4be435@X220.alogt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Yes, but in this case BOTH IPs of the gateway - both the external and the i= nternal interfaces - are non-routable IPs, and so is my ISP cable modem.=0A= =0A192.168.1.1 is the cable modem=0A192.168.1.2 is external interface of my= FreeBSD=0A10.10.10.1 is internal interface of my FreeBSD=0A=0A... and my c= lient (10.10.10.2) could not get through to the outside world using just pl= ain old gateway_enable=3Dyes. =A0The configuration that always works with r= eal IPs did not work with this.=0A=0ASo, I followed the FreeBSD handbook wh= ich uses divert and natd, and it worked perfectly.=0A=0ANo, I am not trying= to access the internal systems from the outside world - I don't have a nee= d for that.=0A=0ABUT, I am wondering if it is any way possible to run a gat= eway like this *without* divert and natd ?=0A=0AThanks.=0A=0A=0AOn Friday, = June 6, 2014 11:40 PM, Erich Dollansky <erich@alogt.com> wrote:=0A =0A=0A= =0AHi,=0A=0A=0AOn Fri, 6 Jun 2014 23:22:46 -0700 (PDT)=0ANone Secure via fr= eebsd-net <freebsd-net@freebsd.org> wrote:=0A=0A> BUT, what if my ISP is gi= ving me a private IP, and my internal=0A> network is also private IPs ? =A0= External gateway address is=0A> 192.168.1.2 and internal gateway address is= 10.10.10.1 ... the ONLY=0A> way I could make this work is with natd and ip= fw divert rules.=0A> =0A> My question is: =A0is it possible to have a netwo= rk of non-routable=0A> IPs, and a gateway with non-routable Ips on internal= and external=0A> interfaces, and NOT use natd/divert ? =A0Can it be done w= ith no ipfw=0A> rules at all, just like I used to ?=0A> =0Awhat should be t= he problem? I did some time ago when the ISP gave us=0Aonly a single IP add= ress. The local machines connected to the gateway,=0Athe gateway connected = via a second interface to the ISP.=0A=0AOf course, only the gateway was vis= ible from outside. If you want to=0Aaccess the internal machines from outis= de, you will need NAT. =0A=0AErich From owner-freebsd-net@FreeBSD.ORG Sat Jun 7 16:56:25 2014 Return-Path: <owner-freebsd-net@FreeBSD.ORG> Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C2245D2A for <freebsd-net@freebsd.org>; Sat, 7 Jun 2014 16:56:25 +0000 (UTC) Received: from mail-ve0-x233.google.com (mail-ve0-x233.google.com [IPv6:2607:f8b0:400c:c01::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7CE322E49 for <freebsd-net@freebsd.org>; Sat, 7 Jun 2014 16:56:25 +0000 (UTC) Received: by mail-ve0-f179.google.com with SMTP id oy12so4841867veb.38 for <freebsd-net@freebsd.org>; Sat, 07 Jun 2014 09:56:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=UfyZY5O4Q0Xn7C/B9wBPK4GFkaGQOVr9hYmf/+X2IJc=; b=gph9ebqg2FJd/nvwOxDg7VFN0QxlVBR8hEV8tpQufhhwUIvpKxozuEdjhKT4BMwmU3 sbcPQ+aKaoAPTc/36zby+FGAWJYKVW7HSDKl05IhwPOneH5RMaKz/cMDjn+mayTej268 KyJnFV+GRLEnPsMaAwR7RGeC2D9U3kZyTp2us4aAdILpQkHopSWbRmNavB1f2/HS61FD JhLjhXNtjOclRMSvviF7xX1w1W/oBr6mraby4CztdEw1EY0qCboCjxPGKDRQ9kltn8CI rjvE9IRMVh2AyZDBrxQ1gm6KXEb96WtlzAhCsOLkrTY+E50yRRsHo3EX+eOFv/GViEo/ zP5A== MIME-Version: 1.0 X-Received: by 10.58.160.134 with SMTP id xk6mr12108202veb.64.1402160184630; Sat, 07 Jun 2014 09:56:24 -0700 (PDT) Sender: adrian.chadd@gmail.com Received: by 10.220.186.193 with HTTP; Sat, 7 Jun 2014 09:56:24 -0700 (PDT) In-Reply-To: <1402159719.88183.YahooMailNeo@web162105.mail.bf1.yahoo.com> References: <1402122166.37214.YahooMailNeo@web162101.mail.bf1.yahoo.com> <20140607144043.3d4be435@X220.alogt.com> <1402159719.88183.YahooMailNeo@web162105.mail.bf1.yahoo.com> Date: Sat, 7 Jun 2014 12:56:24 -0400 X-Google-Sender-Auth: rG7tNweuDxnYkuKVTEbFdy2rJHI Message-ID: <CAJ-VmokhuecxQ60UxYX=fQpGOb9b2H=aA5OjHo=+tEQce8_gFA@mail.gmail.com> Subject: Re: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ? From: Adrian Chadd <adrian@freebsd.org> To: None Secure <none_secure@yahoo.com> Content-Type: text/plain; charset=UTF-8 Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Erich Dollansky <erich@alogt.com> X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>; List-Post: <mailto:freebsd-net@freebsd.org> List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=subscribe> X-List-Received-Date: Sat, 07 Jun 2014 16:56:25 -0000 On 7 June 2014 12:48, None Secure via freebsd-net <freebsd-net@freebsd.org> wrote: > Yes, but in this case BOTH IPs of the gateway - both the external and the internal interfaces - are non-routable IPs, and so is my ISP cable modem. > > 192.168.1.1 is the cable modem > 192.168.1.2 is external interface of my FreeBSD > 10.10.10.1 is internal interface of my FreeBSD > > ... and my client (10.10.10.2) could not get through to the outside world using just plain old gateway_enable=yes. The configuration that always works with real IPs did not work with this. > > So, I followed the FreeBSD handbook which uses divert and natd, and it worked perfectly. > > No, I am not trying to access the internal systems from the outside world - I don't have a need for that. > > BUT, I am wondering if it is any way possible to run a gateway like this *without* divert and natd ? There's inkernel natd these days. There's also pf and ipfilter. -a
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1402159719.88183.YahooMailNeo>