From: Igor Popov <igorpopov@newmail.ru>
Organization: Home
To: freebsd-ipfw@freebsd.org
Date: Fri, 11 May 2007 11:31:53 +0300
User-Agent: KMail/1.9.6
Message-Id: <200705111131.54064.igorpopov@newmail.ru>
Subject: nat on bridge
List-Id: IPFW Technical Discussions

Hi. I have a question about NAT (pf) on a bridge.

Network diagram:

[PPPoE clients 192.168.0.0/16 and real ip] <--> [PPPoE concentrator 80.0.0.1/29] <----> [em0 FreeBSD bridge and NAT 80.0.0.2/29 em1] <-----> 80.0.0.3/29 [BGP Router]

Why bridge? Both the PPPoE concentrator and the BGP router are Cisco routers, and there is dynamic routing (EIGRP) between them, so they must be directly connected. FreeBSD should NAT the internal IP network and bridge all other packets. Is it possible?
Interface setup:

    ifconfig em0 up
    ifconfig em1 up
    ifconfig bridge0 addm em0 addm em1 up
    ifconfig bridge0 inet 80.0.0.2/29
    route add default 80.0.0.3

pf rules:

    table const {192.168.0.0/16}
    nat on bridge0 tagged TO_NAT tag NATED -> (bridge0)
    pass in on em1 all keep state
    pass in on em0 inet tag TO_INET keep state
    pass in on em0 inet from to any tag TO_NAT keep state
    pass out on em1 tagged NATED
    pass out on em1 tagged TO_INET

--
You climb to reach the summit, but once there, discover that all roads lead down.
-- Stanislaw Lem, "The Cyberiad"
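The posted ruleset relies on two pf behaviours that decide whether a client packet is translated or bridged through unchanged: pass rules without `quick` are evaluated to the last match, and a `tag` is sticky, so a later matching rule replaces the tag set by an earlier one. The following is an added model of that evaluation, written for this page and not part of the original post or of pf itself; it assumes the posted addresses (192.168.0.0/16 as the internal table, 80.0.0.2 as the bridge/NAT address) and models only new flows entering on em0 and leaving on em1. It also evaluates the same ruleset with the two em0 rules in the opposite order, to show that the order is what keeps private source addresses from leaving em1 untranslated.

```python
import ipaddress

# Constructed from the posted diagram: the internal client range that the
# (name-stripped) pf table holds, and the bridge address used as NAT source.
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")
BRIDGE_ADDR = ipaddress.ip_address("80.0.0.2")

def in_internal(ip):
    """Predicate standing in for 'from <table>' on the posted rule."""
    return ip in INTERNAL_NET

# Simplified model of the posted 'pass in' rules, in file order.
# Each entry: (ingress interface, source predicate or None, tag applied or None)
POSTED_RULES = [
    ("em1", None, None),             # pass in on em1 all keep state
    ("em0", None, "TO_INET"),        # pass in on em0 inet tag TO_INET keep state
    ("em0", in_internal, "TO_NAT"),  # pass in on em0 inet from <table> to any tag TO_NAT keep state
]

# Hypothetical variant: same rules, but the TO_NAT rule placed before TO_INET.
SWAPPED_RULES = [POSTED_RULES[0], POSTED_RULES[2], POSTED_RULES[1]]

def inbound_tag(rules, ingress_if, src):
    """Apply pf's last-match and sticky-tag semantics to a packet that arrives
    on ingress_if with source address src. Returns (matched, final_tag)."""
    src = ipaddress.ip_address(src)
    matched, tag = False, None
    for ifname, pred, rule_tag in rules:
        if ifname != ingress_if:
            continue
        if pred is not None and not pred(src):
            continue
        matched = True
        if rule_tag is not None:
            tag = rule_tag  # a later matching rule replaces the earlier tag
    return matched, tag

def outbound_em1(rules, src):
    """Model a new flow entering on em0 and heading out em1.
    Returns (action, source address as seen on em1, final tag)."""
    matched, tag = inbound_tag(rules, "em0", src)
    if not matched:
        return ("no-pass-rule", None, None)
    src_ip = ipaddress.ip_address(src)
    # nat on bridge0 tagged TO_NAT tag NATED -> (bridge0)
    if tag == "TO_NAT":
        src_ip, tag = BRIDGE_ADDR, "NATED"
    # pass out on em1 tagged NATED / pass out on em1 tagged TO_INET
    if tag in ("NATED", "TO_INET"):
        return ("pass-out em1", str(src_ip), tag)
    return ("no-pass-out-rule", str(src_ip), tag)

def leaks_private_source(rules, src):
    """True when a packet from a private client would leave em1 untranslated."""
    _, seen, _ = outbound_em1(rules, src)
    return seen is not None and ipaddress.ip_address(seen).is_private

if __name__ == "__main__":
    for label, rules in (("posted", POSTED_RULES), ("swapped", SWAPPED_RULES)):
        for src in ("192.168.10.5", "80.0.1.7"):
            print(label, src, outbound_em1(rules, src))
```

With the rules in the posted order an internal client is first tagged TO_INET and then re-tagged TO_NAT by the later, more specific rule, so it is translated to 80.0.0.2; a client with a real address keeps TO_INET and is bridged unchanged. With the two rules swapped, the broad TO_INET rule matches last and overrides TO_NAT, and the private source address would leave em1 untranslated, which is the condition `leaks_private_source` checks for.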