Date: Fri, 18 Sep 2009 10:08:57 -0400
From: Steve Bertrand <steve@ibctech.ca>
To: Freeco <freeco@inbox.lv>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPF, NAT or NIC
Message-ID: <4AB39479.8090205@ibctech.ca>
In-Reply-To: <25508442.post@talk.nabble.com>
References: <25491958.post@talk.nabble.com> <20090917174950.GC34712@ei.bzerk.org> <25504647.post@talk.nabble.com> <200909180815.n8I8FpFS045063@banyan.cs.ait.ac.th> <25507235.post@talk.nabble.com> <4AB37AE0.2070409@ibctech.ca> <25508442.post@talk.nabble.com>

Freeco wrote:
> So it means that i will need 2 more NIC's in my gateway?
>
>                                  |---------<pc>
>                                  |
> ISP>-----------<Gateway>-----<Switch>-----<pc>
>                                  |
>                                  |_________<pc>
>
> Why all pc's can't be in one subnet? I'll be happy with one subnet,

Ok. One of us is confused, but I don't know who yet :)

A 'subnet' is a term used to describe a portion of an IP address space,
where each device in that space can communicate with one another without
using a router:

192.168.1.0/24 is a subnet, so hosts 192.168.1.1 through 192.168.1.254
can 'speak' to each other without using a router.

If you have more than one PC, you need a 'switch' or hub to physically
connect all of those devices, so they can all speak to each other.

(fwiw, I cringe at the term subnet).

In the diagram above, you need two NICs in the gateway. One goes to the
ISP, and the other 192.168.1.2 goes to the switch. The rest of the
computers also plug into the switch. If all of the devices have
192.168.1.x, they are all in the same subnet.

> i don't
> need more. I tried this:
>
> ISP x.x.88.17>-----------<x.x.88.20 Gateway 192.168.1.2>----------<pc cable
> unplugged 192.168.1.7>?

You need what's known as a 'cross-over' cable to connect the PC to the
Gateway directly. The first sentence in this link describes it well:

http://en.wikipedia.org/wiki/Ethernet_crossover_cable

> I want to use this one:
>
> |---------<pc 192.168.1.5>
>
> |
> ISP x.x.88.17>-----------<x.x.88.20 Gateway
> 192.168.1.2>-----<Switch>-----<pc 192.168.1.6>
>
> |
>
> |_________<pc 192.168.1.7>
>

The diagram got mangled, but from what I can tell, this is the same as
the diagram I left at the top of this message.

> The gateway will work like firewall and nat. Maybe i have wrong settings on
> my pc?

You do.
Although technically it will work, you have in your gateway:

192.168.1.2 255.255.255.0

...but on the pc:

192.168.1.7 255.255.255.128:

> ----PC Settings----
> IP: 192.168.1.7
> Mask: 255.255.255.128 (same in rc.conf)
> Gateway: 192.168.1.2
> Dns: x.x.88.17
> Dns: 192.168.1.2

I'm not convinced that there still isn't a cabling issue. I don't use
NAT, so perhaps someone else can help with any config issues, but I
would find out/fix what is causing the traffic to be received on the
wrong interface first.

Also, I just noticed in your original post that there appears to be
another clerical error. Again, I don't know ipnat, but I would suspect
that this:

map fxp0 192.168.0.0/16 -> 0/32

should really be this:

map fxp0 192.168.0.0/24 -> 0/32

Aside from that, are you sure that this entry shouldn't be:

map rl0 192.168.0.0/24 -> 0/32

?

Again, I don't know ipnat, but to me, in the fxp0 entry, it looks like
you are trying to map the 192 space coming INTO fxp0 (which in your
original post is the NIC that faces the ISP, not the internal network).
If this is how ipnat looks at this, then this is also a problem.

Steve
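
Added example (not part of the original message, and not the poster's own configuration): a Python check, using the standard ipaddress module, of the two points raised in the message above: whether hosts with different masks agree on who is on-link, and which LAN addresses a source prefix written in an ipnat map rule covers. Addresses are the ones quoted in the thread; 192.168.1.200 and the prefix 192.168.1.0/24 are constructed for comparison.

```python
import ipaddress

def on_link(local_if: str, peer: str) -> bool:
    """True if peer lies inside the subnet configured on local_if, i.e. the
    host reaches it directly instead of sending the packet to its router."""
    return ipaddress.ip_address(peer) in ipaddress.ip_interface(local_if).network

def mask_agreement(a_if: str, b_if: str) -> str:
    """Classify how two hosts on the same switch see each other."""
    a = ipaddress.ip_interface(a_if)
    b = ipaddress.ip_interface(b_if)
    a_sees_b = on_link(a_if, str(b.ip))
    b_sees_a = on_link(b_if, str(a.ip))
    if a_sees_b and b_sees_a:
        return "both-on-link"
    if a_sees_b or b_sees_a:
        return "asymmetric"      # one side goes direct, the other via its gateway
    return "both-off-link"

def covered_by(prefix: str, hosts):
    """Hosts whose address falls inside a map rule's source prefix."""
    net = ipaddress.ip_network(prefix)
    return [h for h in hosts if ipaddress.ip_address(h) in net]

# Settings quoted in the thread.
GATEWAY = "192.168.1.2/255.255.255.0"
PC = "192.168.1.7/255.255.255.128"
LAN_HOSTS = ["192.168.1.5", "192.168.1.6", "192.168.1.7"]
# Constructed host in the upper half of the /24, outside the PC's /25.
HIGH_HOST = "192.168.1.200/255.255.255.0"

if __name__ == "__main__":
    print("gateway <-> pc      :", mask_agreement(GATEWAY, PC))
    print("high host <-> pc    :", mask_agreement(HIGH_HOST, PC))
    # Two prefixes from the thread, plus a constructed one matching the LAN.
    for prefix in ("192.168.0.0/16", "192.168.0.0/24", "192.168.1.0/24"):
        print(f"{prefix:<18} covers:", covered_by(prefix, LAN_HOSTS))
```
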
