SOLVED: 3 NICs NAT setup, almost there ...

From: Paiva, Gilson de (g-paiva_at_el.com.br)
Date: 05/26/03

    Date: Mon, 26 May 2003 13:48:03 -0300 (BRT)
    To: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
    
    

    I could get this working by:

    natd.conf:
    redirect_address 192.168.1.x public_address
    same_ports yes
    unregistered_only yes
    use_sockets yes

    The secret, thanks to Barney Wolff, is to run two instances of nat, but
    the real trick is -alias_address public_address on rl0 packets, this way:

    /sbin/natd -f /etc/natd.conf -n ep0
    /sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address

    and

    ipfw add xxx divert 8668 all from any to any via ep0
    ipfw add xxx divert 8669 all from any to any via rl0

    Thanks Barney!

    >
    >> On Fri, May 23, 2003 at 12:45:39PM -0300, Paiva, Gilson de wrote:
    >>> Hi,
    >>>
    >>> Take this scenario:
    >>>
    >>>               xxx/26             yyy/26
    >>> internet --- ep0    freebsd    rl0 --- wired clients
    >>>                       ep1
    >>>                        |  private ip ( 192.168.1.0/24 )
    >>>                        |
    >>>                     wireless
    >>>
    >>> I have to nat packets with destination to an ip xxx/26 to an ip at
    >>> private ip net. So far so good with "common" redirect_address nat
    >>> configuration.
    >>> The problem happens with traffic between net yyy/26 and the private
    >>> network ( and vice-versa ) because packets get routed to destination
    >>> before they get translated by natd.
    >>> What's the secret ? I tried everything I knew and learned from
    >>> reading but no setup could work out.
    >>
    >> I'd use ipfw and natd, and run two instances of natd listening on
    >> different divert sockets. Rules in ipfw can divert the packets to the
    >> right natd depending on where the packets are coming from or going to.
    >>
    >> --
    >> Barney Wolff http://www.databus.com/bwresume.pdf
    >> I'm available by contract or FT, in the NYC metro area or via the 'Net.

    -- 
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     Paiva, Gilson de        Domingos Martins
     mailto:npd@el.com.br    Brazil
     http://www.el.com.br/   E&L Producoes de Software
     http://www.FreeBSD.org/ FreeBSD: The Power to Serve
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    ------------------------------------------------------------------------------
    Legal notice:
    This message may not officially express the ideas or wishes of the
    company E&L Producoes de Software; its author is solely responsible
    for it.
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
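
The setup in this message only works while every ipfw divert port has its own natd instance bound to it; a packet diverted to a port with no bound socket is dropped. The following is an added example, not part of the original post: a POSIX sh check run over the post's two natd command lines and two ipfw rules. The function names and the `BROKEN_CMDS` variant are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ipfw divert ports that no natd instance is bound to.
NATD_DEFAULT_PORT=8668   # port natd uses when -p / -port is not given

# natd_ports: natd command lines on stdin -> one divert port per line.
natd_ports() {
    while read -r line; do
        case "$line" in *natd*) ;; *) continue ;; esac
        port=$NATD_DEFAULT_PORT
        set -- $line
        while [ $# -gt 0 ]; do
            case "$1" in
                -p|-port) [ $# -gt 1 ] && { port=$2; shift; } ;;
            esac
            shift
        done
        echo "$port"
    done
}

# ipfw_divert_ports: ipfw rules on stdin -> port of each divert rule.
ipfw_divert_ports() {
    while read -r line; do
        set -- $line
        while [ $# -gt 1 ]; do
            if [ "$1" = divert ]; then echo "$2"; break; fi
            shift
        done
    done
}

# unserved_ports NATD_CMDS IPFW_RULES: print divert ports with no listener.
unserved_ports() {
    listeners=$(printf '%s\n' "$1" | natd_ports)
    for p in $(printf '%s\n' "$2" | ipfw_divert_ports | sort -u); do
        printf '%s\n' "$listeners" | grep -qx "$p" || echo "$p"
    done
}

# The two natd instances and two ipfw rules as given in the post.
NATD_CMDS='/sbin/natd -f /etc/natd.conf -n ep0
/sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address'
IPFW_RULES='ipfw add xxx divert 8668 all from any to any via ep0
ipfw add xxx divert 8669 all from any to any via rl0'
# Constructed broken variant: second instance started without -p 8669.
BROKEN_CMDS='/sbin/natd -f /etc/natd.conf -n ep0
/sbin/natd -f /etc/natd.conf -alias_address public_address'

echo "post's setup, unserved: [$(unserved_ports "$NATD_CMDS" "$IPFW_RULES")]"
echo "broken setup, unserved: [$(unserved_ports "$BROKEN_CMDS" "$IPFW_RULES")]"
```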
    
