From: Joshua Lokken
To: Igor Pokrovsky
Cc: Questions
Date: Tue, 28 Dec 2004 14:45:24 -0600
Subject: Re: pppd and NAT

On Tue, 28 Dec 2004 23:33:28 +0300, Igor Pokrovsky wrote:
> On Tue, Dec 28, 2004 at 11:07:32PM +0300, Igor Pokrovsky wrote:
> > Does anyone know if it's possible to do NAT with pppd?
> > I know it's possible with ppp, but pppd didn't reveal me any clue.
>
> Sorry for replying to my own message. I found the solution -
> it is possible to use natd and ipfw to do the job.
> If anyone is interested I can send the complete solution.

Also, from man ppp(8):

     The -nat flag does the equivalent of a ``nat enable yes'', enabling
     ppp's network address translation features.  This allows ppp to act
     as a NAT or masquerading engine for all machines on an internal LAN.
     Refer to libalias(3) for details on the technical side of the NAT
     engine.  Refer to the NETWORK ADDRESS TRANSLATION (PACKET ALIASING)
     section of this manual page for details on how to configure NAT in
     ppp.

[snip]

and...

     Supports NAT or packet aliasing.  Packet aliasing (a.k.a. IP
     masquerading) allows computers on a private, unregistered network to
     access the Internet.  The PPP host acts as a masquerading gateway.
     IP addresses as well as TCP and UDP port numbers are NAT'd for
     outgoing packets and de-NAT'd for returning packets.

[snip]

and...

NETWORK ADDRESS TRANSLATION (PACKET ALIASING)
     The -nat command line option enables network address translation
     (a.k.a. packet aliasing).  This allows the ppp host to act as a
     masquerading gateway for other computers over a local area network.
     Outgoing IP packets are NAT'd so that they appear to come from the
     ppp host, and incoming packets are de-NAT'd so that they are routed
     to the correct machine on the local area network.  NAT allows
     computers on private, unregistered subnets to have Internet access,
     although they are invisible from the outside world....

So, you can do NAT with ppp, as well ;)

HTH,

-- 
Joshua Lokken
Open Source Advocate
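
Added example, not part of the original message and not ppp or libalias code: a small Python model of the packet aliasing the quoted ppp(8) text describes, showing outgoing packets rewritten to the gateway's address and port, replies de-NAT'd back to the right LAN host, and an inbound packet with no mapping reaching no LAN host. The class name, alias port range and all addresses are constructed for illustration.

```python
# Toy model of NAT / packet aliasing as described in the ppp(8) excerpt.
# Not libalias code: class name, port range and addresses are constructed.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class AliasTable:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (proto, lan_ip, lan_port, remote_ip, remote_port) -> alias port
        self.back = {}  # (proto, alias_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outgoing(self, p: Packet) -> Packet:
        """NAT an outbound packet so it appears to come from the gateway."""
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(p.proto, self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        return p._replace(src=self.public_ip, sport=self.out[key])

    def incoming(self, p: Packet) -> Optional[Packet]:
        """De-NAT a reply; return None when no LAN host maps to the packet."""
        if p.dst != self.public_ip:
            return None
        hit = self.back.get((p.proto, p.dport, p.src, p.sport))
        if hit is None:
            return None  # unsolicited: nothing on the LAN is addressable
        return p._replace(dst=hit[0], dport=hit[1])

def demo():
    nat = AliasTable("203.0.113.7")  # constructed public address of the gateway
    # Two LAN hosts use the same source port towards the same server.
    a = nat.outgoing(Packet("tcp", "192.168.1.10", 5000, "198.51.100.5", 80))
    b = nat.outgoing(Packet("tcp", "192.168.1.11", 5000, "198.51.100.5", 80))
    # The server's reply to the first host's aliased address and port.
    reply = nat.incoming(Packet("tcp", "198.51.100.5", 80, a.src, a.sport))
    # An outside host probing the gateway with no prior outbound flow.
    probe = nat.incoming(Packet("tcp", "198.51.100.9", 4444, "203.0.113.7", 22))
    return a, b, reply, probe

if __name__ == "__main__":
    for item in demo():
        print(item)
```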