bridging, ipf

From: Andrew Heyn (aheyn_at_jmsent.com)
Date: 12/17/04

    To: <freebsd-net@freebsd.org>
    Date: Thu, 16 Dec 2004 18:05:28 -0800
    
    

    Hi,

    Here is my setup:

    fxp0: no ip -> switch -> (computer with ip: 200.200.200.147, gateway
    200.200.200.145)
      ^
      |
    bridged
      |
      \/
    fxp1: 200.200.200.146, 148, 149, 150 -> <isp gateway 200.200.200.145> ->
    (internet)
      ^
    ipf/ipnat
      |
      \/
    fxp2: 192.168.1.1 -> switch -> lots of computers with 192.168.1.x addresses
    (all use 192.168.1.1 as gw)

    Computers on fxp2 have no problem accessing the internet, and neither does
    200.200.200.147...
    I am at a loss, though, at how to get a request from 192.168.1.x to
    successfully be natted with the public ip on fxp1 (200.200.200.145) and
    access 200.200.200.147. There's no access to the bridged computer from
    the natted computers, and I don't know how to make it work.

    It seems that http://www.moatware.com/support/docbook/faq-bridge.html
    documents this problem and it has to do with ipnat in processing the
    packets returning from 200.200.200.147 on fxp0, which has no IP.

    Is there a rule to ipnat I can add to make the lookups on the returning
    packets successful, or another way to make it work?

    Would this setup also allow the natted computers to access the bridged
    computer by its public ip?

    fxp0: no ip -> switch -> computer with public ip
      ^
      |
    bridged
      |
      \/
    fxp1: no ip -> switch -> cat5 from ISP

    fxp2: public ip -> connected to switch fxp1 is
      ^
      |
    ipf/ipnat
      \/
    fxp3: 192.168.1.1 -> switch -> internal computers

    I want all traffic to go through this one machine so accounting and other
    filtering/limiting can be done...
    all through one computer.

    Thanks,
    Andrew


