NATd trouble
- From: David DU SERRE TELMON <daviddst@xxxxxxxxx>
- Date: Sat, 24 Dec 2005 11:39:26 +0100
Hi,
I've the network below :
192.168.2.0/23 | 192.168.3.454 FreeBSD x.x.x.x router 1 | Internet | y.y.y.y FreeBSD 10.0.0.254 router 2 | 10.0.0.0/24
Each gateway runs racoon. Each network can go on Internet. VPN is ok.
I would like to NAT packets from 192.168.2.0/23 to 10.0.0.0/24 with IP 192.168.3.254 on router 1. VPN interface is gif5 on router 1.
My ipfw rules :
dialup:~# ipfw show | grep 8670
00650 4 400 divert 8670 ip from 192.168.2.0/23 to 10.0.0.0/24
00660 4 400 divert 8670 ip from 10.0.0.0/24
natd in debug mode :
dialup:~# natd -v -p natd-vpn -interface gif5
natd[42308]: Aliasing to 192.168.3.254, mtu 1280 bytes
In  [ICMP] [ICMP] 192.168.3.82 -> 10.0.0.1 8(0) aliased to
           [ICMP] 192.168.3.82 -> 10.0.0.1 8(0)
Out [ICMP] [ICMP] 10.0.0.1 -> 192.168.3.82 0(0) aliased to
           [ICMP] 10.0.0.1 -> 192.168.3.82 0(0)
As you can see, packets are not translated with IP 192.168.3.54.
Same result with natd -p natd-vpn -a 192.168.3.254.
I think the solution will be with -reverse, when I use it, packets are natd (ping from 192.168.3.61 to 10.0.0.1) :
dialup:/etc# natd -v -p natd-vpn -reverse -interface gif5
natd[43271]: Aliasing to 192.168.3.254, mtu 1280 bytes
In  [ICMP] [ICMP] 192.168.3.61 -> 10.0.0.1 8(0) aliased to
           [ICMP] 192.168.3.254 -> 10.0.0.1 8(0)
tcpdump on remote gateway :
11:26:44.641090 IP 192.168.3.254 > 10.0.0.1: icmp 64: echo request seq 0
11:26:44.641240 IP 10.0.0.1 > 192.168.3.254: icmp 64: echo reply seq 0
But I haven't got any reply on localsite (192.168.2.0/23), I haven't got packet OUT on natd.
David.
Thanks !
Have a nice Christmas !