Date: Fri, 11 May 2007 11:31:53 +0300 From: Igor Popov <igorpopov@newmail.ru> To: freebsd-ipfw@freebsd.org Subject: nat on bridge Message-ID: <200705111131.54064.igorpopov@newmail.ru>
next in thread | raw e-mail | index | archive | help
hi.
I have a question about NAT (pf) on bridge.
Network diagram:
[PPPoE clients 192.168.0.0/16 and real ip] <-->[PPPoE concetrator
80.0.0.1/29]<---->[em0 FreeBSD bridge and NAT 80.0.0.2/29
em1]<----->80.0.0.3/29[BGP Router]
Why bridge? Both PPPoE concentrator and BGP router are Cisco routers, there is
dynamic routing (EIGRP) between them, so it must be directly connected.
FreeBSD should NAT internal ip network and switch on bridge all another
packets, is it possible?
ifconfig em0 up
ifconfig em1 up
ifconfig bridge0 addm em0 addm em1 up
ifconfig bridge0 inet 80.0.0.2/29
route add default 80.0.0.3
pf rules:
table const <pppoe> {192.168.0.0/16}
nat on bridge0 tagged TO_NAT tag NATED -> (bridge0)
pass in on em1 all keep state
pass in on em0 inet tag TO_INET keep state
pass in on em0 inet from <pppoe> to any tag TO_NAT keep state
pass out on em1 tagged NATED
pass out on em1 tagged TO_INET
--
You climb to reach the summit, but once
there, discover that all roads lead down.
-- Stanislaw Lem, "The Cyberiad"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200705111131.54064.igorpopov>