Re: Networking Puzzle



On Sat, 2006-02-18 at 22:42 +0000, Cian Hughes wrote:

Here is one for those of you that like a challenge:
I have a FreeBSD 7-CURRENT box; it has two interfaces, rl0 (connected
to wireless link) and rl1 (LAN).
rl0 has no addresses.
I run PPPoE on rl0, which gives me a static IP address (let's call
this 1.2.3.4) and default gateway.
I also have a /29 of public IPs which are routed through this address;
the first address, x.x.x.1, is assigned to rl1.

The normal setup is a cisco router on the wireless link, and all
computers route through it (but my cisco router is broken).

Any traffic originating from 1.2.3.4 and going to the outside world
is blocked by an upstream firewall that I have no control over,
anything in my public range has no upstream firewalling.

Sysctl is set to forward packets, and machines on the LAN with public
ips in my range work as expected.

However, if I do something like this:
ping freebsd.org
it fails because the packets automatically originate from 1.2.3.4

if I do this:
ping -S x.x.x.1 freebsd.org (thus setting the src address to a non-
firewalled IP)
it all goes fine and the packets return.

Inbound connections (e.g. ssh) from the internet to x.x.x.1 work, but
obviously any web access from my freebsd box fails.

My question: How do I set the src address for all outbound packets
originating on my machine to x.x.x.1 instead of 1.2.3.4 when they are
passing through my pppoe tunnel?

BTW this is not a show stopper for me, I have placed an old PII
machine between my server and the pppoe tunnel, which solves it. I'm
just curious as to whether or not there is a solution.

Regards, Cian.
_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"

If I did not understand your setup, I do apologize, but it looks like

natd -a x.x.x.1

should do the trick. Make sure that you either have

options IPDIVERT #divert sockets

in your kernel configuration, or

kldload ipdivert

or better yet, read 'man natd' ;)

--
Alexandre "Sunny" Kovalenko (Олександр Коваленко)
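
Added example, not part of the original thread or either poster's configuration: natd only processes packets that an ipfw divert rule hands to it, so `natd -a x.x.x.1` needs a ruleset along the lines below. The interface name tun0, the rule numbers and the file path are assumptions; 1.2.3.4 and x.x.x.1 are the placeholders used in the thread.

```conf
# /etc/ipfw.natd.rules   (hypothetical path; load with: ipfw /etc/ipfw.natd.rules)
#
# Assumptions: ipfw and ipdivert are loaded, natd is already running as in
# the reply (natd -a x.x.x.1), and the PPPoE tunnel interface is tun0.

# Outbound: hand natd only the packets this host itself sources from the
# upstream-firewalled PPPoE address. natd rewrites the source to x.x.x.1.
# Forwarded traffic from LAN hosts that already use addresses in the /29
# does not match and leaves the box untranslated.
add 500 divert natd ip from 1.2.3.4 to any out via tun0

# Inbound: replies arrive addressed to the alias address. natd restores
# 1.2.3.4 for flows it translated; packets with no translation entry
# (for example inbound ssh to x.x.x.1) are passed on unchanged unless
# natd is started with deny_incoming.
add 510 divert natd ip from any to x.x.x.1 in via tun0

# Processing resumes here after natd reinjects a packet. This keeps the
# box as open as it was before ipfw was introduced; a production ruleset
# would replace it with explicit allow rules.
add 65000 allow ip from any to any
```

When ipfw is loaded as a module its built-in final rule is deny unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT, so load the rules from the console rather than over ssh.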
