Date:      Thu, 6 Sep 2001 08:20:59 -0700
From:      fallous <fallous@warped.com>
To:        Kenneth W Cochran <kwc@world.std.com>, freebsd-stable@freebsd.org
Subject:   Re: NAT with >1 public interface still not working
Message-ID:  <200109061521.f86FKxw02676@web.sitecontent.com>
In-Reply-To: <200109061442.KAA04616@world.std.com>
References:  <200109061442.KAA04616@world.std.com>

divert 8668 ip from any to any via IP instead of interface name should work 
assuming that incoming on fxp0 has the same destination IP as what your 
outgoing packets use as source.
  
On Thursday 06 September 2001 07:42 am, Kenneth W Cochran wrote:
> Hello:
>
> How do I "properly" set up NAT on a (gateway) system that
> "transmits" and "receives" on different interfaces?
>
> Briefly - Machine A receives on fxp0 & transmits on ppp0.
> I'd like to use a 2nd Ethernet on Machine A (fxp1) for the
> "NAT"ed/masqueraded network.
>
> Scenario:
>
> Machine A:
> - Running RELENG_4 as of 2001/09/01; tracking -stable roughly weekly
>   (thus one reason I'm asking on -stable :).
> - Connected to a "hybrid" aka "1-way" cable-modem,
> - "Receives" via cablemodem/Ethernet (fxp0, config'ed as 10.0.0.11/24)
> - "Transmits/outgoing" via analog dial-modem & ppp(d).
> - "Real" ip-address is established by (kernel) pppd (ppp0,
>   *not* tun0), and is "officially" dynamic, even though it
>   always (at least right now) gets the same ip-address.
> - Runs cache-only nameserver.
> - Has been running in this manner for about 1.5 years.
> - (recently) Has 2nd NIC (fxp1), connected to hub for private network.
>
> Machine B:
> - Has private ip-address on "its" fxp0.
> - Connected via hub to 2nd NIC (fxp1) on Machine A.
>
> I've followed the instructions from the Handbook, Section
> 18.10, Network Address Translation with regard to kernel &
> rc.conf configuration, etc.
>
> Here is the output from "ipfw list" on Machine A:
>
> 00050 divert 8668 ip from any to any via fxp0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> 65535 allow ip from any to any
>
> Machines A & B can talk to each other; I can ping & ssh from/to
> either one, & DNS works on both machines.  However, while
> Machine A communicates "outside" (with the Internet) as usual,
> Machine B cannot.  I'm beginning to wonder if FreeBSD can even
> *do* this, as I can't find anything in the natd manpage (or
> experimentation) that indicates natd can support >1 interface,
> and the manpages are silent about use of kernel ppp for this.  (?)  :-/
>
> I'm thinking something needs to be tweaked in the ipfw and/or
> natd-config(s).  Suggestions?  Also, where would be the best place(s)
> to put these "customizations" (for example, so as to not be any
> more "disruptive" than necessary to the base-OS configs)?
> Does it matter whether the ppp(d)-link is up before/after
> ipfw/natd configuration?
>
> Of course, FAQ/-doc/readme pointers are quite welcome.  :)
> Please cc replies to me.
>
> Many thanks,
>
> -kc
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message

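Added example (not part of either message, and not FreeBSD code): a simplified Python model of first-match evaluation over the quoted "ipfw list" output, showing which pass of a packet forwarded from Machine B reaches rule 00050. The addresses 192.168.1.2, 198.51.100.7 and 203.0.113.5 are constructed, and the model assumes "via" tests the receive interface on the inbound pass and the transmit interface on the outbound pass.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
LOOP = ip_network("127.0.0.0/8")

# (number, action, source net, destination net, "via" interface or None)
# Transcribed from the quoted "ipfw list" output.
RULES = [
    (50, "divert", ANY, ANY, "fxp0"),
    (100, "allow", ANY, ANY, "lo0"),
    (200, "deny", ANY, LOOP, None),
    (300, "deny", LOOP, ANY, None),
    (65000, "allow", ANY, ANY, None),
]

def first_match(src, dst, iface):
    """Return (rule number, action) for one pass through the rule list.

    iface is the receive interface on the inbound pass and the transmit
    interface on the outbound pass (assumed semantics of "via").
    Simplification: evaluation stops at the divert rule; re-injection
    of the packet by natd is not modelled.
    """
    for num, action, snet, dnet, via in RULES:
        if (ip_address(src) in snet and ip_address(dst) in dnet
                and via in (None, iface)):
            return num, action
    return 65535, "allow"

def trace(src, dst, rx_if, tx_if):
    """A forwarded packet is checked twice: inbound, then outbound."""
    return [first_match(src, dst, rx_if), first_match(src, dst, tx_if)]

def wire_source(src, dst, rx_if, tx_if, alias):
    """Source address leaving the gateway: rewritten to the alias address
    only if the outbound pass was handed to the divert socket."""
    outbound = trace(src, dst, rx_if, tx_if)[1]
    return alias if outbound[1] == "divert" else src

if __name__ == "__main__":
    # Constructed sample traffic: Machine B -> remote host, and a reply.
    b, remote, ppp_addr = "192.168.1.2", "198.51.100.7", "203.0.113.5"
    print("B -> remote passes:", trace(b, remote, "fxp1", "ppp0"))
    print("source on the wire:", wire_source(b, remote, "fxp1", "ppp0", ppp_addr))
    print("reply arriving on fxp0:", first_match(remote, ppp_addr, "fxp0"))
```

In this model neither pass of Machine B's outbound packet touches fxp0, so it leaves ppp0 with its private source address, while packets arriving on fxp0 do reach the divert rule.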