Date:      Thu, 6 Sep 2001 13:40:07 -0700
From:      fallous <fallous@warped.com>
To:        Kenneth W Cochran <kwc@world.std.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: NAT with >1 public interface still not working
Message-ID:  <200109062040.f86Ke7w03101@web.sitecontent.com>
In-Reply-To: <200109062034.QAA17278@world.std.com>
References:  <200109061442.KAA04616@world.std.com> <200109062034.QAA17278@world.std.com>

the IP you get from dhcp, assuming that fxp0 and ppp0 use the same IP, but 
fxp0 is outbound only and ppp0 is inbound only.  if it's doing something 
funky like using a different IP for each interface, then life is going to get 
more interesting, but should still be doable.

On Thursday 06 September 2001 01:34 pm, Kenneth W Cochran wrote:
> Hey, thanks...  (& for your previous message a couple of days
> ago, too, but I've been having email troubles.)
>
> But it still doesn't work, i.e. no change from previous
> behavior.  As a test/example, traceroute from the "private"
> machine to anywhere "outside" stops at the gateway machine.
>
> This *has* to work somehow - I got this to work a few months
> ago for someone using Windows 98 & its ICS (Internet Connection
> Sharing).  This is obviously some kind of "operator error" (&
> truth-be-known, probably yet another shortcoming of Windows,
> security-wise), but I can't find the information I need to
> make this work.  :(
>
> For example, which IP?  What change(s) do I need to make to my ipfw
> rules and/or natd to fix this?  Or maybe I should use ipnat?
>
> -kc
>
> From: fallous <fallous@warped.com>
>
> >To: Kenneth W Cochran <kwc@world.std.com>, freebsd-stable@freebsd.org
> >Subject: Re: NAT with >1 public interface still not working
> >Date: Thu, 6 Sep 2001 08:20:59 -0700
> >
> >divert 8668 ip from any to any via IP instead of interface name should
> > work assuming that incoming on fxp0 has the same destination IP as what
> > your outgoing packets use as source.
> >
> >On Thursday 06 September 2001 07:42 am, Kenneth W Cochran wrote:
> >> Hello:
> >>
> >> How do I "properly" set up NAT on a (gateway) system that
> >> "transmits" and "receives" on different interfaces?
> >>
> >> Briefly - Machine A receives on fxp0 & transmits on ppp0.
> >> I'd like to use a 2nd Ethernet on Machine A (fxp1) for the
> >> "NAT"ed/masqueraded network.
> >>
> >> Scenario:
> >>
> >> Machine A:
> >> - Running RELENG_4 as of 2001/09/01; tracking -stable roughly weekly
> >>   (thus one reason I'm asking on -stable :).
> >> - Connected to a "hybrid" aka "1-way" cable-modem,
> >> - "Receives" via cablemodem/Ethernet (fxp0, config'ed as 10.0.0.11/24)
> >> - "Transmits/outgoing" via analog dial-modem & ppp(d).
> >> - "Real" ip-address is established by (kernel) pppd (ppp0,
> >>   *not* tun0), and is "officially" dynamic, even though it
> >>   always (at least right now) gets the same ip-address.
> >> - Runs cache-only nameserver.
> >> - Has been running in this manner for about 1.5 years.
> >> - (recently) Has 2nd NIC (fxp1), connected to hub for private network.
> >>
> >> Machine B:
> >> - Has private ip-address on "its" fxp0.
> >> - Connected via hub to 2nd NIC (fxp1) on Machine A.
> >>
> >> I've followed the instructions from the Handbook, Section
> >> 18.10, Network Address Translation with regard to kernel &
> >> rc.conf configuration, etc.
> >>
> >> Here is the output from "ipfw list" on Machine A:
> >>
> >> 00050 divert 8668 ip from any to any via fxp0
> >> 00100 allow ip from any to any via lo0
> >> 00200 deny ip from any to 127.0.0.0/8
> >> 00300 deny ip from 127.0.0.0/8 to any
> >> 65000 allow ip from any to any
> >> 65535 allow ip from any to any
> >>
> >> Machines A & B can talk to each other; I can ping & ssh from/to
> >> either one, & DNS works on both machines.  However, while
> >> Machine A communicates "outside" (with the Internet) as usual,
> >> Machine B cannot.  I'm beginning to wonder if FreeBSD can even
> >> *do* this, as I can't find anything in the natd manpage (or
> >> experimentation) that indicates natd can support >1 interface,
> >> and the manpages are silent about use of kernel ppp for this.  (?)  :-/
> >>
> >> I'm thinking something needs to be tweaked in the ipfw and/or
> >> natd-config(s).  Suggestions?  Also, where would be the best place(s)
> >> to put these "customizations" (for example, so as to not be any
> >> more "disruptive" than necessary to the base-OS configs)?
> >> Does it matter whether the ppp(d)-link is up before/after
> >> ipfw/natd configuration?
> >>
> >> Of course, FAQ/-doc/readme pointers are quite welcome.  :)
> >> Please cc replies to me.
> >>
> >> Many thanks,
> >>
> >> -kc
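
Added example, not part of the original thread: a simplified first-match model of the posted "ipfw list" output, run over the three hops a Machine B connection takes through Machine A. The function names and the three addresses are constructed for illustration (the thread gives none of them), and the model handles only the rule forms shown in the listing.

```python
import ipaddress

# "ipfw list" output exactly as posted in the thread.
RULES = """\
00050 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 allow ip from any to any
"""

# Constructed sample addresses (assumptions, not values from the thread).
MACHINE_B = "192.168.1.2"    # private host behind fxp1
REMOTE = "198.51.100.7"      # some Internet host
PPP_ADDR = "203.0.113.5"     # placeholder for the address pppd is assigned

def parse(line):
    """Parse '<num> <action> ip from <src> to <dst> [via <if>]'."""
    tok = line.split()
    i = tok.index("from")
    return {"num": tok[0], "action": " ".join(tok[1:i - 1]),
            "src": tok[i + 1], "dst": tok[i + 3],
            "via": tok[i + 5] if "via" in tok else None}

def addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def first_match(src, dst, iface):
    """Return (rule number, action) of the first rule matching the packet."""
    for rule in map(parse, RULES.splitlines()):
        if rule["via"] not in (None, iface):
            continue  # "via X" only matches packets passing through X
        if addr_ok(rule["src"], src) and addr_ok(rule["dst"], dst):
            return rule["num"], rule["action"]

def trace():
    """First matching rule at each hop of a Machine B connection."""
    hops = [("B -> remote, in on fxp1", MACHINE_B, REMOTE, "fxp1"),
            ("B -> remote, out on ppp0", MACHINE_B, REMOTE, "ppp0"),
            ("remote -> ppp address, in on fxp0", REMOTE, PPP_ADDR, "fxp0")]
    return [(label, *first_match(s, d, i)) for label, s, d, i in hops]

if __name__ == "__main__":
    for label, num, action in trace():
        print(f"{label:36} {num} {action}")
```

In this model the only hop that reaches the divert rule is the one arriving on fxp0; the packet leaving on ppp0 matches rule 65000 first, so it is never handed to natd on the way out.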
