Date: Thu, 26 Sep 2002 12:28:25 +0200
From: "jeremie le-hen" <le-hen_j@epita.fr>
To: "billy" <billy@isilon.com>, "Juraj Petrik" <juro@software602.sk>
Cc: <freebsd-security@FreeBSD.ORG>, <freebsd-ipfw@FreeBSD.ORG>
Subject: Re: IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7prerelease
Message-ID: <056a01c26547$72e0be50$0200a8c0@darthvader>
References: <20020925134615.V75126-100000@mouse.isilon.com>
> I know that ipnat will not redirect packets out the same interface they
> came, but that doesn't seem to be a problem here.
> the message

That's not true. I've succeeded in using the same interface for incoming
and outgoing packets through ipnat, using IP aliasing. Here is the
configuration:

    # outgoing IP address
    ifconfig rl0 inet 10.251.21.32 netmask 0xFFFF0000 up
    # incoming one
    ifconfig rl0 inet 192.168.0.1 netmask 0xFFFFFF00 alias
    # ipnat rule
    map rl0 192.168.0.0/24 -> 10.251.21.32/32

I don't know if it works if the outgoing IP address is on the same subnet as
the incoming one, but I think yes.

It would be useful if your network uses an authentication to be allowed to go
through your default router, and you don't have the relevant client software
on some machines. This rule

    map rl0 10.251.21.41/32 -> 10.251.21.41/32

should work in my opinion.

Regards,
--
Jeremie Le Hen aka TataZ/TtZ
le-hen_j@epita.fr
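The single-interface setup in the message above, modelled as an added example (not part of the original e-mail and not ipnat's own code): it parses the quoted `ifconfig` and `map` lines, checks that the interface holds both the inside gateway address and the outside address, and shows which source addresses the rule rewrites. The function names are hypothetical, only /32 map targets are handled, and ipnat's state tracking and reply handling are not modelled.

```python
import ipaddress
import re

# Lines copied from the message above.
IFCONFIG = [
    "ifconfig rl0 inet 10.251.21.32 netmask 0xFFFF0000 up",
    "ifconfig rl0 inet 192.168.0.1 netmask 0xFFFFFF00 alias",
]
RULES = ["map rl0 192.168.0.0/24 -> 10.251.21.32/32"]

def parse_ifconfig(line):
    """Return (ifname, IPv4Interface) for 'ifconfig IF inet ADDR netmask 0xMASK'."""
    m = re.match(r"ifconfig (\S+) inet (\S+) netmask (0x[0-9A-Fa-f]{8})", line)
    if not m:
        raise ValueError(f"unrecognised ifconfig line: {line!r}")
    prefix = bin(int(m.group(3), 16)).count("1")  # assumes a contiguous netmask
    return m.group(1), ipaddress.ip_interface(f"{m.group(2)}/{prefix}")

def parse_map(rule):
    """Return (ifname, inside network, outside address) for 'map IF NET -> ADDR/32'."""
    m = re.match(r"map (\S+) (\S+) -> (\S+)/32$", rule)
    if not m:
        raise ValueError("only single-address (/32) map targets are handled here")
    return m.group(1), ipaddress.ip_network(m.group(2)), ipaddress.ip_address(m.group(3))

def translate(rules, ifname, src):
    """Source address a packet leaving `ifname` carries after the first matching rule."""
    src = ipaddress.ip_address(src)
    for rule in rules:
        rule_if, inside, outside = parse_map(rule)
        if rule_if == ifname and src in inside:
            return str(outside)
    return str(src)  # no rule matched: source left untranslated

def check_one_interface(ifconfig_lines, rule):
    """True if the rule's interface has an address inside the mapped network
    (usable as the clients' gateway) and also owns the outside address."""
    rule_if, inside, outside = parse_map(rule)
    addrs = [a for name, a in map(parse_ifconfig, ifconfig_lines) if name == rule_if]
    return any(a.ip in inside for a in addrs) and any(a.ip == outside for a in addrs)

if __name__ == "__main__":
    print("both roles on rl0:", check_one_interface(IFCONFIG, RULES[0]))
    for src in ("192.168.0.57", "10.251.3.9"):  # constructed sample sources
        print(src, "->", translate(RULES, "rl0", src))
```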