Re[2]: NAT with two different alias addresses. Is it possible?
> Am Montag, 9. Mai 2005 22:29 schrieb Денис Медведев: >> Hello, everybody! >> >> I've just installed freeBSD 5.3 on my old computer to make it NAT >> router for internet sharing. The example is classical: two machines in >> my internal network and one IP from provider. Except one moment - my >> internet connection is established through PPPoE. So my unix has 3 >> network interfaces: >> rl0 - provider's network 10.10.54.107/16 >> tun0 - pppoe (through rl0 of course). Here my IP is 192.168.54.107 >> rl1 - my internal network 172.16.0.1/24 (do not laugh i've made it >> for difference) >> >> NAT has alias address 192.168.54.107, and internet connection works >> perfectly. BUT there are a lot of resources in 10.10.54.107/16 >> network I can't get access from my internal machines. I think address >> translation to 10.10.54.107 could help. Or not? Maybe it is possible >> to launch second NATd for this interface? > Hmm, I don't know if I understood correctly but you don't need to NAT if > you want to route from 172.16.0/24 to 10.10/16. Just NAT anything on tun0 > from !192.168.54.107 to any. (And make sure gateway_enable="YES", resp. > net.inet.ip.forwarding=1) > You don't tell us whether you use IPFW, IPF or PF, but at least for the > latter two you could define more than one NAT rule! > -Harry I use IPFW, and the rules are the following: divert nat ip from {172.16.0.5 or 172.16.0.7} to any out via tun0 divert nat ip from any to any in via tun0 allow ip from {172.16.0.5 or 172.16.0.7} to any in via rl1 keep-state allow ip from 192.168.54.107 to any out via tun0 keep-state deny ip from any to any Generally, i want 172.16.0.7 to see MS windows network (10.10/16) as a client. WBR Denis mailto:[EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
NAT with two different alias addresses. Is it possible?
Hello, everybody! I've just installed freeBSD 5.3 on my old computer to make it NAT router for internet sharing. The example is classical: two machines in my internal network and one IP from provider. Except one moment - my internet connection is established through PPPoE. So my unix has 3 network interfaces: rl0 - provider's network 10.10.54.107/16 tun0 - pppoe (through rl0 of course). Here my IP is 192.168.54.107 rl1 - my internal network 172.16.0.1/24 (do not laugh i've made it for difference) NAT has alias address 192.168.54.107, and internet connection works perfectly. BUT there are a lot of resources in 10.10.54.107/16 network I can't get access from my internal machines. I think address translation to 10.10.54.107 could help. Or not? Maybe it is possible to launch second NATd for this interface? -- Best Regards Denis mailto:[EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: NAT with two different alias addresses. Is it possible?
Am Montag, 9. Mai 2005 22:29 schrieb Денис Медведев: > Hello, everybody! > > I've just installed freeBSD 5.3 on my old computer to make it NAT > router for internet sharing. The example is classical: two machines in > my internal network and one IP from provider. Except one moment - my > internet connection is established through PPPoE. So my unix has 3 > network interfaces: > rl0 - provider's network 10.10.54.107/16 > tun0 - pppoe (through rl0 of course). Here my IP is 192.168.54.107 > rl1 - my internal network 172.16.0.1/24 (do not laugh i've made it > for difference) > > NAT has alias address 192.168.54.107, and internet connection works > perfectly. BUT there are a lot of resources in 10.10.54.107/16 > network I can't get access from my internal machines. I think address > translation to 10.10.54.107 could help. Or not? Maybe it is possible > to launch second NATd for this interface? Hmm, I don't know if I understood correctly but you don't need to NAT if you want to route from 172.16.0/24 to 10.10/16. Just NAT anything on tun0 from !192.168.54.107 to any. (And make sure gateway_enable="YES", resp. net.inet.ip.forwarding=1) You don't tell us whether you use IPFW, IPF or PF, but at least for the latter two you could define more than one NAT rule! -Harry pgpZZ9yFkKGYg.pgp Description: PGP signature