From owner-freebsd-net@FreeBSD.ORG Tue Jan 31 12:30:49 2006
From: Brian Candler
To: Julian Elischer
Cc: Tiago Cruz, freebsd-net@FreeBSD.org
Date: Tue, 31 Jan 2006 12:30:42 +0000
Subject: Re: Network client is the same from server
Message-ID: <20060131123042.GA74812@uk.tiscali.com>
In-Reply-To: <43DE6030.4090702@elischer.org>
References: <1138387362.4742.9.camel@localhost.localdomain> <43DA6C6A.7050701@elischer.org> <1138390041.4742.19.camel@localhost.localdomain> <43DA8E70.2070804@elischer.org> <1138621574.18130.26.camel@localhost.localdomain> <43DE6030.4090702@elischer.org>
List-Id: Networking and TCP/IP with FreeBSD (freebsd-net@freebsd.org)

On Mon, Jan 30, 2006 at 10:51:28AM -0800, Julian Elischer wrote:
> Tiago Cruz wrote:
>
> >On Fri, 2006-01-27 at 13:19 -0800, Julian Elischer wrote:
> >
> >>it is definitely possible
> >>but you will have to do some reading
> >>natd can do it.
> >>
> >
> it should be in the natd man page.. (or libalias page)

Maybe, but it's not very clear though.

I think he needs to NAT destination addresses as well as source addresses,
and statically map a whole /24 to another /24. Put diagrammatically:

      192.168.0.0/24                                   192.168.0.0/24
    ------+---------- GW1 -------------------- GW2 -----+-----------
          |                                             |
          X                                             Y

In order to allow X (say 192.168.0.1) to communicate with Y (say also
192.168.0.1), we need to map both address ranges into new space. Let's
say we use 192.168.100.0/24 for the first network and 192.168.200.0/24
for the second network. Then the connection from X to Y will appear to be
from 192.168.100.1 to 192.168.200.1 when viewed on the middle wire.

So at GW1, *outbound* packets from 192.168.0.X to 192.168.200.Y need to
have their *source* IP mapped to 192.168.100.X

At GW2, *inbound* packets from anywhere to 192.168.200.Y need to have
their *destination* IP mapped to 192.168.0.Y

Plus the mirror: at GW2, outbound packets from 192.168.0.X to
192.168.100.Y need to have their source IP mapped to 192.168.200.X; at
GW1, inbound packets from anywhere to 192.168.100.Y need to have their
destination IP mapped to 192.168.0.Y

The only way I can see to do this with natd is with 254 separate
-redirect_address rules. On GW1 you'd need

  -redirect_address 192.168.0.1 192.168.100.1
  -redirect_address 192.168.0.2 192.168.100.2
  ...

and on GW2 you'd need

  -redirect_address 192.168.0.1 192.168.200.1
  -redirect_address 192.168.0.2 192.168.200.2
  ...

Brian.
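The four rewrite rules above and the 254-rule natd configuration they imply, as an added POSIX sh example that is not part of the original thread or of natd itself. gen_redirects writes the per-host redirect_address lines in the natd.conf form (the CLI option without its leading dash); translate is a model of what each gateway does to one packet, so the round trip X -> Y -> X can be checked before touching a real gateway. The prefixes are the ones from the message; the interface name in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original thread: a model of the double
# static NAT described above plus a generator for the per-host natd(8)
# rules each gateway needs. Prefixes are the message's own; "em0" below is
# an assumed interface name.

# Emit one natd.conf line per host of a /24:
#   redirect_address <local address> <alias address>
# natd.conf takes the command-line options without their leading dash.
gen_redirects() {
    local_prefix=$1      # e.g. 192.168.0
    alias_prefix=$2      # 192.168.100 on GW1, 192.168.200 on GW2
    i=1
    while [ "$i" -le 254 ]; do
        printf 'redirect_address %s.%s %s.%s\n' \
            "$local_prefix" "$i" "$alias_prefix" "$i"
        i=$((i + 1))
    done
}

# What one gateway does to one packet, following the four rules in the
# message.  translate <gw1|gw2> <out|in> <src> <dst>  prints "<src> <dst>".
#   GW1 out: src 192.168.0.X   -> 192.168.100.X  (only for dst 192.168.200.0/24)
#   GW1 in : dst 192.168.100.Y -> 192.168.0.Y
#   GW2 out: src 192.168.0.X   -> 192.168.200.X  (only for dst 192.168.100.0/24)
#   GW2 in : dst 192.168.200.Y -> 192.168.0.Y
translate() {
    gw=$1; dir=$2; src=$3; dst=$4
    local_net=192.168.0
    case "$gw" in
        gw1) alias_net=192.168.100; peer_net=192.168.200 ;;
        gw2) alias_net=192.168.200; peer_net=192.168.100 ;;
        *)   echo "translate: unknown gateway '$gw'" >&2; return 1 ;;
    esac
    case "$dir" in
        out)
            # Rewrite the source only for traffic bound for the other
            # site's alias range; anything else passes untouched.
            case "$src/$dst" in
                "$local_net".*/"$peer_net".*) src="$alias_net.${src##*.}" ;;
            esac ;;
        in)
            # Undo the alias on packets addressed to this site's range.
            case "$dst" in
                "$alias_net".*) dst="$local_net.${dst##*.}" ;;
            esac ;;
        *)   echo "translate: unknown direction '$dir'" >&2; return 1 ;;
    esac
    printf '%s %s\n' "$src" "$dst"
}

# Carry a packet across: out through the sender's gateway, then in through
# the receiver's.  forward <sending gw> <receiving gw> <src> <dst>
forward() {
    from_gw=$1; to_gw=$2
    mid=$(translate "$from_gw" out "$3" "$4")   # as seen on the middle wire
    translate "$to_gw" in "${mid%% *}" "${mid#* }"
}

# Stand-alone demo: X (192.168.0.1 behind GW1) talks to Y (also
# 192.168.0.1, behind GW2), which X must address as 192.168.200.1.
echo "X -> Y on the middle wire: $(translate gw1 out 192.168.0.1 192.168.200.1)"
echo "X -> Y as delivered to Y:  $(forward gw1 gw2 192.168.0.1 192.168.200.1)"
echo "Y -> X as delivered to X:  $(forward gw2 gw1 192.168.0.1 192.168.100.1)"
# To build the real configs (assumed interface em0):
#   gen_redirects 192.168.0 192.168.100 > gw1.natd.conf   # natd -f gw1.natd.conf -n em0
#   gen_redirects 192.168.0 192.168.200 > gw2.natd.conf   # natd -f gw2.natd.conf -n em0
echo "GW1 rule count: $(gen_redirects 192.168.0 192.168.100 | wc -l | tr -d ' ')"
echo "GW1 first rule: $(gen_redirects 192.168.0 192.168.100 | head -n 1)"
```

Two things the model makes visible that the rule list alone does not: the outbound rewrite is conditional on the destination being the other site's alias range, so traffic to anywhere else keeps its real source; and the scheme only works if 192.168.100.0/24 and 192.168.200.0/24 are routed across the middle wire to GW1 and GW2 respectively, and hosts on each side address the far side by its alias, never by its real 192.168.0.0/24 address.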