From: "jeremie le-hen"
To: "billy", "Juraj Petrik"
Subject: Re: IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7prerelease
Date: Thu, 26 Sep 2002 12:28:25 +0200
Message-ID: <056a01c26547$72e0be50$0200a8c0@darthvader>
Sender: owner-freebsd-ipfw@FreeBSD.ORG

> I know that ipnat will not redirect packets out the same interface they
> came, but that doesn't seem to be a problem here.
> the message

That's not true. I've succeeded in using the same interface for incoming
and outgoing packets through ipnat, using IP aliasing.
Here is the configuration:

    # outgoing IP address
    ifconfig rl0 inet 10.251.21.32 netmask 0xFFFF0000 up
    # incoming one
    ifconfig rl0 inet 192.168.0.1 netmask 0xFFFFFF00 alias

    # ipnat rule
    map rl0 192.168.0.0/24 -> 10.251.21.32/32

I don't know if it works if the outgoing IP address is on the same subnet
as the incoming one, but I think so. It would be useful if your network
uses authentication to be allowed to go through your default router, and
you don't have the relevant client software on some machines. This rule

    map rl0 10.251.21.41/32 -> 10.251.21.41/32

should work in my opinion.

Regards,
-- 
Jeremie Le Hen aka TataZ/TtZ
le-hen_j@epita.fr