From: None Secure
Date: Sat, 7 Jun 2014 10:12:14 -0700 (PDT)
Subject: RE: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?
To: "freebsd-net@freebsd.org", "matthew@freebsd.org"

Matthew,

Thanks for your response - I suspect that was the problem I was encountering (that the ISP will NAT for my external address) and that is why I switched to natd/divert, and it is indeed working properly.

So what is the problem ? Well, the problem is I am trying to use sshuttle, which inserts its own set of divert rules into the ipfw table ... so I have one natd_enable, and a set of divert rules ... and then we add another set of divert rules from sshuttle (which does not, btw, start its own natd).

So when you say that I can NAT multiple times ... can I NAT multiple times on the same system ? If I start a second natd (which sounds ridiculous to me) how does it know which set of diverts it is supposed to work on ?

Basically my system is working fine with natd/divert, but now I either need to make it work without natd/divert (so that sshuttle can do its own) or I need to find a way to use two sets of natd/divert ...

Comments ?

From: Tom Pusateri
Date: Sat, 7 Jun 2014 10:21:24 -0700
Subject: Re: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?
To: None Secure
Cc: "freebsd-net@freebsd.org", "matthew@freebsd.org"

I've seen this setup with IPv4 before when the ISP does native IPv6. Maybe you can get global IPv6 addresses and can SSH directly over that. If not, at least go on record requesting IPv6 with your provider to push them along.

Tom

> On Jun 7, 2014, at 10:12 AM, None Secure via freebsd-net wrote:
>
> Matthew,
>
> Thanks for your response - I suspect that was the problem I was encountering (that the ISP will NAT for my external address) and that is why I switched to natd/divert, and it is indeed working properly.
>
> So what is the problem ? Well, the problem is I am trying to use sshuttle, which inserts its own set of divert rules into the ipfw table ... so I have one natd_enable, and a set of divert rules ... and then we add another set of divert rules from sshuttle (which does not, btw, start its own natd).
>
> So when you say that I can NAT multiple times ... can I NAT multiple times on the same system ? If I start a second natd (which sounds ridiculous to me) how does it know which set of diverts it is supposed to work on ?
>
> Basically my system is working fine with natd/divert, but now I either need to make it work without natd/divert (so that sshuttle can do its own) or I need to find a way to use two sets of natd/divert ...
>
> Comments ?