Date: Thu, 29 Mar 2001 10:18:23 -0600 (CST)
From: Guy Gustavson <bigfoot@www.stomped.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: vtun and natd forwarding question
Message-ID: <Pine.BSF.4.33.0103290925400.52861-100000@www.stomped.com>
     < site alpha >                                               < site beta >
 -----------  -----------                                    -----------  -----------
 | win box |  | win box |                                    | win box |  | win box |
 |   #1    |  |   #2    |                                    |   #3    |  |   #4    |
 |         |  |         |                                    |         |  |         |
 -----------  -----------                                    -----------  -----------
 <10.1.2.2>   <10.1.2.3>                                     <10.1.1.22>  <10.1.1.23>
      |            |                                              |            |
      |------------|                                              |------------|
            |                                                           |
            |                                                           |
       <10.1.2.1>                                                  <10.1.1.1>
          <ed1>                                                       <xl0>
      ------------                                                ------------
      | FreeBSD  |   <ed1>                               <ed1>    | FreeBSD  |
      |   gw1    |<111.111.111.111>---internet---<222.222.222.222>|   gw2    |
      |          |<10.2.0.2>---^                    ^---<10.2.0.1>|          |
      ------------                                                ------------
(Yes, gw1 has only one adapter)

Hopefully someone can help me untangle some of this. The diagram above is the network as I currently have it laid out. The goal is to have all the win boxes in the network use gw2's internet connection to reach the outside world.

gw2 has a DHCP-assigned real address on the internet. gw2 updates a dynamic DNS server with its current address so that it can always be found via DNS. gw2 currently uses natd to forward packets from win #3 and win #4 out its internet connection, and so all machines at site beta are happy and life is good.

gw1 also has a DHCP-assigned address, but it is behind a firewall. gw1 is able to get out over the internet just fine. By running natd gw1 is able to forward packets from win #1 and win #2 to the internet, which is ok, but very restricted by firewall rules. Life would be much better at site alpha if we could forward traffic meant for the internet to gw2 and use the internet connection at that site to provide internet access for all machines.

vtund has been installed, has successfully been set up, and is reliably providing a tunnel between gw1 and gw2.

Now here's the question.... Can anyone help me configure natd/vtun etc. on gw1 and gw2 to provide the desired results?

-----------------------------
gw1 configs...
microbe# ipfw show
00100 22878 1527272 divert 8668 ip from any to any via ed1
00200 22877 1527144 allow ip from any to any
65535     0       0 deny ip from any to any

microbe# ps -ax | grep natd
  241  ??  Ss     0:08.75 natd -a 139.93.4.207

(The address above is currently updated by a script each time a new DHCP assignment is made.)

ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 139.93.4.207 netmask 0xffffff00 broadcast 139.93.4.255
        inet 10.1.2.1 netmask 0xffffff00 broadcast 10.1.2.255
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 10.2.0.2 --> 10.2.0.1 netmask 0xffffff00

gw2 configs....

homebox# ps -ax | grep natd
  138  ??  Ss     1:02.37 /sbin/natd -n ed1

homebox# ipfw show
00050 322775 32921688 divert 8668 ip from any to any via ed1
00100      8      384 allow ip from any to any via lo0
00200      0        0 deny ip from any to 127.0.0.0/8
65000 618482 60162855 allow ip from any to any
65535      1      345 allow ip from any to any

xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 24.163.163.140 netmask 0xfffffc00 broadcast 255.255.255.255
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 10.2.0.1 --> 10.2.0.2 netmask 0xffffff00
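The following is an added worked example, not part of the original message and not a reply from the list: one way to get the result the poster asks for with the ipfw/natd pieces already shown. The idea is policy routing on gw1 with ipfw's fwd action, which sends only the site alpha LAN's internet-bound packets to gw2's tunnel address (10.2.0.1); gw1's own traffic, including the vtund session itself, keeps using the local default route. On gw2 the existing "divert 8668 ip from any to any via ed1" rule already aliases whatever leaves ed1, tunnel traffic included, so natd there needs no change; what gw2 lacks is a return route for 10.1.2.0/24 back into tun0. The addresses and interface names come from the diagram; the GW, DRY_RUN and GW1_PUBLIC variables and the rule numbers 45/50/70 (gw1) and 40 (gw2) are my own choices.

```sh
#!/bin/sh
# Added example (not from the original post): route site alpha's LAN
# (win #1, #2) through the vtun tunnel so that gw2's existing natd provides
# their internet access. Addresses/interfaces are from the diagram; GW,
# DRY_RUN, GW1_PUBLIC and the rule numbers are assumptions of this example.
# Run as GW=gw1 or GW=gw2. With DRY_RUN=1 the commands are printed instead
# of executed, so the rule set can be reviewed on any host.

LAN_ALPHA=10.1.2.0/24        # site alpha LAN behind gw1 (second address on ed1)
TUN_GW1=10.2.0.2             # gw1's end of tun0
TUN_GW2=10.2.0.1             # gw2's end of tun0
PRIVATE=10.0.0.0/8           # LAN and inter-site traffic stays off the forward
GW1_PUBLIC=${GW1_PUBLIC:-}   # gw1's current DHCP address, if the LAN uses it

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# gw1: ipfw 'fwd' (the kernel must be built with options IPFIREWALL_FORWARD)
# hands LAN packets bound for non-private destinations to gw2's tunnel
# address instead of gw1's own default route. Rule 50 sits before the
# existing rule 100 (divert 8668 ... via ed1), so these packets never reach
# gw1's natd. gw1's own packets are not sourced from the LAN and are unaffected.
gw1_rules() {
    # Packets for gw1's own public address must not be forwarded away. That
    # address changes with DHCP, so it is passed in; the script that already
    # updates "natd -a" on each lease is the natural place to set it.
    [ -n "$GW1_PUBLIC" ] && run ipfw add 45 allow ip from $LAN_ALPHA to $GW1_PUBLIC in via ed1
    run ipfw add 50 fwd $TUN_GW2 ip from $LAN_ALPHA to not $PRIVATE in via ed1
    # Replies come back over tun0 and leave ed1 towards the LAN; let them out
    # ahead of the divert rule so gw1's natd does not rewrite them.
    run ipfw add 70 allow ip from not $PRIVATE to $LAN_ALPHA out via ed1
}

# gw2: natd is unchanged. Its rule 50 diverts everything leaving ed1, so
# packets from 10.1.2.x that arrived on tun0 get aliased to gw2's public
# address on the way out. The missing piece is the return route: once natd
# de-aliases a reply to 10.1.2.x it must go back into tun0, not out ed1.
gw2_rules() {
    run route add -net 10.1.2.0 -netmask 255.255.255.0 $TUN_GW1
    # Already covered by rule 65000 today; made explicit so it survives a
    # later tightening of the rule set.
    run ipfw add 40 allow ip from $LAN_ALPHA to any in via tun0
}

case "${GW:-}" in
    gw1) gw1_rules ;;
    gw2) gw2_rules ;;
    *)   echo "usage: GW=gw1|gw2 [DRY_RUN=1] [GW1_PUBLIC=a.b.c.d] $0" >&2 ;;
esac
```

Both gateways already forward packets for natd, so no change to gateway_enable is needed. Two things to check after applying it: that the fwd rule's counters in "ipfw show" increase when a win box at site alpha browses, and that traffic between the two sites (10.1.2.x to 10.1.1.x) is still routed over tun0 and not caught by the fwd rule, which the "to not 10.0.0.0/8" clause is there to guarantee. Since tun0 is shown with mtu 1500 and the tunnel is carried over a 1500-byte link, packets near full size will be fragmented by vtund's encapsulation; lowering the tunnel MTU in the vtund configuration avoids that, but the exact setting depends on the vtun version and is not shown here.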