Date:      Sat, 7 Jun 2014 10:12:14 -0700 (PDT)
From:      None Secure <none_secure@yahoo.com>
To:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, "matthew@freebsd.org" <matthew@freebsd.org>
Subject:   RE: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?
Message-ID:  <1402161134.5132.YahooMailNeo@web162104.mail.bf1.yahoo.com>

Matthew,

Thanks for your response - I suspect that was the problem I was encountering (that the ISP will NAT for my external address) and that is why I switched to natd/divert, and it is indeed working properly.

So what is the problem? Well, the problem is I am trying to use sshuttle, which inserts its own set of divert rules into the ipfw table ... so I have one natd_enable, and a set of divert rules ... and then we add another set of divert rules from sshuttle (which does not, btw, start its own natd).

So when you say that I can NAT multiple times ... can I NAT multiple times on the same system? If I start a second natd (which sounds ridiculous to me) how does it know which set of diverts it is supposed to work on?

Basically my system is working fine with natd/divert, but now I either need to make it work without natd/divert (so that sshuttle can do its own) or I need to find a way to use two sets of natd/divert ...

Comments?

Date:      Sat, 7 Jun 2014 10:21:24 -0700
From:      Tom Pusateri <pusateri@bangj.com>
To:        None Secure <none_secure@yahoo.com>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, "matthew@freebsd.org" <matthew@freebsd.org>
Subject:   Re: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?
Message-ID:  <917ED0A1-774C-4A46-B5E0-A750E2DDF6C2@bangj.com>

I've seen this setup with IPv4 before when the ISP does native IPv6. Maybe you can get global IPv6 addresses and can SSH directly over that. If not, at least go on record requesting IPv6 with your provider to push them along.

Tom



> On Jun 7, 2014, at 10:12 AM, None Secure via freebsd-net <freebsd-net@freebsd.org> wrote:
>
> Matthew,
>
> Thanks for your response - I suspect that was the problem I was encountering (that the ISP will NAT for my external address) and that is why I switched to natd/divert, and it is indeed working properly.
>
> So what is the problem? Well, the problem is I am trying to use sshuttle, which inserts its own set of divert rules into the ipfw table ... so I have one natd_enable, and a set of divert rules ... and then we add another set of divert rules from sshuttle (which does not, btw, start its own natd).
>
> So when you say that I can NAT multiple times ... can I NAT multiple times on the same system? If I start a second natd (which sounds ridiculous to me) how does it know which set of diverts it is supposed to work on?
>
> Basically my system is working fine with natd/divert, but now I either need to make it work without natd/divert (so that sshuttle can do its own) or I need to find a way to use two sets of natd/divert ...
>
> Comments?


