Date: Wed, 22 Feb 2006 09:44:25 -0300
From: Tiago Cruz <tiagocruz@forumgdh.net>
To: freebsd-pf@FreeBSD.org
Subject: Dirty NAT tricks
Message-ID: <1140612265.5617.25.camel@localhost.localdomain>

Hello guys,

Following this link:
http://www.nimlabs.org/~nim/dirtynat.html

I learned that I can do some "dirty NAT trick" with my firewall to make this:

"You have a corporate LAN. You want to set up a VPN (in this case OpenVPN) into the LAN for your road-warriors. However, your LAN is numbered with one of the very common private subnets, such as 192.168/16. Your road-warriors often get addresses in the same private subnet from their coffee-shops, and this breaks things horribly."

So... how can I manage the PREROUTING and POSTROUTING rules in PF?

iptables -v -t nat -A PREROUTING -d 192.168.8.0/24 -j NETMAP --to 10.22.8.0/24
iptables -v -t nat -A PREROUTING -i tap0 -d 10.22.0.0/16 -j NETMAP --to 192.168.0.0/16
iptables -v -t nat -A POSTROUTING -o tap0 -s 192.168.0.0/16 -j NETMAP --to 10.22.0.0/16
iptables -v -t nat -A POSTROUTING -o eth0 -s 10.22.0.0/16 -j NETMAP --to 192.168.0.0/16

Thank you!

-- 
Tiago Cruz
http://linuxrapido.org
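
The address rewriting that the four NETMAP rules in the message perform, as an added example that is not part of the original post: a stateless Python model in which the network bits come from the --to subnet and the host bits are kept. The names netmap, translate and RULES are made up for this sketch, the sample addresses are constructed, and connection tracking (real netfilter consults the nat table only for the first packet of a connection) is not modelled.

```python
import ipaddress

def netmap(addr, to_net):
    """NETMAP arithmetic: network bits from to_net, host bits from addr."""
    net = ipaddress.ip_network(to_net)
    host_bits = int(ipaddress.ip_address(addr)) & int(net.hostmask)
    return str(ipaddress.ip_address(int(net.network_address) | host_bits))

# The four rules from the message, in order:
# (chain, interface or None for "any", matched subnet, --to subnet)
RULES = [
    ("PREROUTING",  None,   "192.168.8.0/24", "10.22.8.0/24"),
    ("PREROUTING",  "tap0", "10.22.0.0/16",   "192.168.0.0/16"),
    ("POSTROUTING", "tap0", "192.168.0.0/16", "10.22.0.0/16"),
    ("POSTROUTING", "eth0", "10.22.0.0/16",   "192.168.0.0/16"),
]

def translate(chain, iface, addr):
    """Apply the first matching rule of one chain.

    PREROUTING:  iface is the input interface (-i), addr is the destination (-d).
    POSTROUTING: iface is the output interface (-o), addr is the source (-s).
    Returns the rewritten address, or addr unchanged if no rule matches.
    """
    ip = ipaddress.ip_address(addr)
    for r_chain, r_iface, match, to_net in RULES:
        if r_chain != chain:
            continue
        if r_iface is not None and r_iface != iface:
            continue
        if ip in ipaddress.ip_network(match):
            return netmap(addr, to_net)
    return addr

if __name__ == "__main__":
    # Constructed sample: a VPN client reaches LAN host 192.168.8.5 by its
    # 10.22.8.5 alias, so the client's own 192.168.x.x network never collides.
    print("in on tap0, dst 10.22.8.5    ->", translate("PREROUTING", "tap0", "10.22.8.5"))
    print("out on tap0, src 192.168.8.5 ->", translate("POSTROUTING", "tap0", "192.168.8.5"))
```
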