Date: Sat, 7 Jun 2014 10:12:14 -0700 (PDT)
From: None Secure <none_secure@yahoo.com>
To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, "matthew@freebsd.org" <matthew@freebsd.org>
Subject: RE: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?
Message-ID: <1402161134.5132.YahooMailNeo@web162104.mail.bf1.yahoo.com>

Matthew,

Thanks for your response - I suspect that was the problem I was encountering (that the ISP will NAT for my external address) and that is why I switched to natd/divert, and it is indeed working properly.

So what is the problem ? Well, the problem is I am trying to use sshuttle, which inserts its own set of divert rules into the ipfw table ... so I have one natd_enable, and a set of divert rules ... and then we add another set of divert rules from sshuttle (which does not, btw, start its own natd).

So when you say that I can NAT multiple times ... can I NAT multiple times on the same system ? If I start a second natd (which sounds ridiculous to me) how does it know which set of diverts it is supposed to work on ?

Basically my system is working fine with natd/divert, but now I either need to make it work without natd/divert (so that sshuttle can do its own) or I need to find a way to use two sets of natd/divert ...

Comments ?


Date: Sat, 7 Jun 2014 10:21:24 -0700
From: Tom Pusateri <pusateri@bangj.com>
To: None Secure <none_secure@yahoo.com>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, "matthew@freebsd.org" <matthew@freebsd.org>
Subject: Re: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?
Message-Id: <917ED0A1-774C-4A46-B5E0-A750E2DDF6C2@bangj.com>

I've seen this setup with IPv4 before when the ISP does native IPv6. Maybe you can get global IPv6 addresses and can SSH directly over that. If not, at least go on record requesting IPv6 with your provider to push them along.

Tom

> On Jun 7, 2014, at 10:12 AM, None Secure via freebsd-net <freebsd-net@freebsd.org> wrote:
>
> Matthew,
>
> Thanks for your response - I suspect that was the problem I was encountering (that the ISP will NAT for my external address) and that is why I switched to natd/divert, and it is indeed working properly.
>
> So what is the problem ? Well, the problem is I am trying to use sshuttle, which inserts its own set of divert rules into the ipfw table ... so I have one natd_enable, and a set of divert rules ... and then we add another set of divert rules from sshuttle (which does not, btw, start its own natd).
>
> So when you say that I can NAT multiple times ... can I NAT multiple times on the same system ? If I start a second natd (which sounds ridiculous to me) how does it know which set of diverts it is supposed to work on ?
>
> Basically my system is working fine with natd/divert, but now I either need to make it work without natd/divert (so that sshuttle can do its own) or I need to find a way to use two sets of natd/divert ...
>
> Comments ?
