Date:      Tue, 31 Jan 2006 12:30:42 +0000
From:      Brian Candler <B.Candler@pobox.com>
To:        Julian Elischer <julian@elischer.org>
Cc:        Tiago Cruz <tiagocruz@b4br.net>, "freebsd-net@FreeBSD.org" <freebsd-net@FreeBSD.org>
Subject:   Re: Network client is the same from server
Message-ID:  <20060131123042.GA74812@uk.tiscali.com>
In-Reply-To: <43DE6030.4090702@elischer.org>
References:  <1138387362.4742.9.camel@localhost.localdomain> <43DA6C6A.7050701@elischer.org> <1138390041.4742.19.camel@localhost.localdomain> <43DA8E70.2070804@elischer.org> <1138621574.18130.26.camel@localhost.localdomain> <43DE6030.4090702@elischer.org>

On Mon, Jan 30, 2006 at 10:51:28AM -0800, Julian Elischer wrote:
> Tiago Cruz wrote:
> > On Fri, 2006-01-27 at 13:19 -0800, Julian Elischer wrote:
> >
> > > it is definitely possible
> > > but you will have to do some reading
> > > natd can do it.
>
> it should be in the natd man page.. (or libalias page)

Maybe, but it's not very clear though.

I think he needs to NAT destination addresses as well as source addresses,
and statically map a whole /24 to another /24. Put diagrammatically:

   192.168.0.0/24                                 192.168.0.0/24
  ------+---------- GW1 -------------------- GW2 -----+----------- 
        |                                             |
        X                                             Y

In order to allow X (say 192.168.0.1) to communicate with Y (say also
192.168.0.1), we need to map both address ranges into new space.
Let's say we use 192.168.100.0/24 for the first network and 192.168.200.0/24
for the second network. Then the connection from X to Y will appear to be
from 192.168.100.1 to 192.168.200.1 when viewed on the middle wire.

So at GW1, *outbound* packets from 192.168.0.X to 192.168.200.Y need to have
their *source* IP mapped to 192.168.100.X.

At GW2, *inbound* packets from anywhere to 192.168.200.Y need to have their
*destination* IP mapped to 192.168.0.Y.

Plus the mirror: at GW2, outbound packets from 192.168.0.X to 192.168.100.Y
need to have their source IP mapped to 192.168.200.X; at GW1, inbound
packets from anywhere to 192.168.100.Y need to have their destination IP
mapped to 192.168.0.Y.

The only way I can see to do this with natd is with 254 separate
-redirect_address rules. On GW1 you'd need

  -redirect_address 192.168.0.1 192.168.100.1
  -redirect_address 192.168.0.2 192.168.100.2
  ...

and on GW2 you'd need

  -redirect_address 192.168.0.1 192.168.200.1
  -redirect_address 192.168.0.2 192.168.200.2
  ...

Brian.
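The four rewrite rules above (source mapping on the way out, destination mapping on the way in, at each gateway) are easy to get backwards when writing 254 lines of natd configuration by hand. The following is an added example, not code from the thread or from natd/libalias: a small Python model of the two static 1:1 gateways that traces a packet from X to Y and the reply back, so the addresses seen on each segment can be checked before touching a real router. It also generates the equivalent list of `-redirect_address` lines for a gateway. The class and function names are my own; the subnets and host addresses are the ones used in the message.

```python
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    """Only the IP header fields that the static NAT touches."""
    src: str
    dst: str


class StaticNatGateway:
    """One gateway that maps its local /24 to a 'middle wire' /24, 1:1 by host
    part, in both directions. Behaviourally this is the set of natd
    -redirect_address rules described in the message (names are hypothetical)."""

    def __init__(self, local_net: str, wire_net: str):
        self.local = ipaddress.ip_network(local_net)
        self.wire = ipaddress.ip_network(wire_net)
        if self.local.prefixlen != self.wire.prefixlen:
            raise ValueError("a 1:1 static map needs two nets of equal size")

    @staticmethod
    def _remap(addr: str, from_net, to_net) -> str:
        """Move addr from from_net to the same host offset in to_net.
        Addresses outside from_net pass through untouched."""
        a = ipaddress.ip_address(addr)
        if a not in from_net:
            return addr
        offset = int(a) - int(from_net.network_address)
        return str(to_net.network_address + offset)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> middle wire: rewrite the *source* into the wire range."""
        return Packet(self._remap(pkt.src, self.local, self.wire), pkt.dst)

    def inbound(self, pkt: Packet) -> Packet:
        """Middle wire -> LAN: rewrite the *destination* back to the local range."""
        return Packet(pkt.src, self._remap(pkt.dst, self.wire, self.local))

    def natd_rules(self) -> list:
        """The -redirect_address lines natd would need for every host of the /24."""
        return [f"-redirect_address {loc} {wire}"
                for loc, wire in zip(self.local.hosts(), self.wire.hosts())]


def trace(src_gw: StaticNatGateway, dst_gw: StaticNatGateway, pkt: Packet):
    """Carry one packet from the sending LAN, across the middle wire, into the
    receiving LAN. Returns (as seen on the wire, as delivered)."""
    on_wire = src_gw.outbound(pkt)
    delivered = dst_gw.inbound(on_wire)
    return on_wire, delivered


# Constructed topology from the message: both LANs are 192.168.0.0/24.
GW1 = StaticNatGateway("192.168.0.0/24", "192.168.100.0/24")
GW2 = StaticNatGateway("192.168.0.0/24", "192.168.200.0/24")


def x_to_y():
    """X (192.168.0.1 behind GW1) talks to Y's mapped address 192.168.200.1."""
    return trace(GW1, GW2, Packet("192.168.0.1", "192.168.200.1"))


def y_reply():
    """Y answers to the address it saw X as, 192.168.100.1, via GW2 then GW1."""
    return trace(GW2, GW1, Packet("192.168.0.1", "192.168.100.1"))


if __name__ == "__main__":
    wire, delivered = x_to_y()
    print("X->Y on wire :", wire, "\nX->Y delivered:", delivered)
    wire, delivered = y_reply()
    print("Y->X on wire :", wire, "\nY->X delivered:", delivered)
    print(len(GW1.natd_rules()), "rules, e.g.", GW1.natd_rules()[0])
```

Running it shows the forward packet as 192.168.100.1 -> 192.168.200.1 on the middle wire and 192.168.100.1 -> 192.168.0.1 when delivered to Y; the reply takes the mirror path and arrives at X as 192.168.200.1 -> 192.168.0.1. The `_remap` pass-through for addresses outside the mapped range is what keeps ordinary Internet-bound traffic from being rewritten by these rules.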


