From: Steve Bertrand
Date: Fri, 18 Sep 2009 10:08:57 -0400
To: Freeco
Cc: freebsd-questions@freebsd.org
Subject: Re: IPF, NAT or NIC

Freeco wrote:
> So it means that I will need 2 more NIC's in my gateway?
>
> |---------
> |
> ISP>---------------------
> |
> |_________
>
> Why all pc's can't be in one subnet? I'll be happy with one subnet,

Ok. One of us is confused, but I don't know who yet :)

A 'subnet' is a term used to describe a portion of an IP address space,
where each device in that space can communicate with one another without
using a router:

192.168.1.0/24 is a subnet, so hosts 192.168.1.1 through 192.168.1.254
can 'speak' to each other without using a router.

If you have more than one PC, you need a 'switch' or hub to physically
connect all of those devices, so they can all speak to each other.

(fwiw, I cringe at the term subnet).

In the diagram above, you need two NICs in the gateway. One goes to the
ISP, and the other 192.168.1.2 goes to the switch. The rest of the
computers also plug into the switch. If all of the devices have
192.168.1.x, they are all in the same subnet.

> I don't
> need more. I tried this:
>
> ISP x.x.88.17>--------------------- unplugged 192.168.1.7>?

You need what's known as a 'cross-over' cable to connect the PC to the
Gateway directly. The first sentence in this link describes it well:

http://en.wikipedia.org/wiki/Ethernet_crossover_cable

> I want to use this one:
> > |---------
> > |
> ISP x.x.88.17>----------- 192.168.1.2>----------
> > |
> > |_________
>

The diagram got mangled, but from what I can tell, this is the same as
the diagram I left at the top of this message.

> The gateway will work like firewall and nat. Maybe I have wrong settings on
> my pc?

You do. Although technically it will work, you have in your gateway:

192.168.1.2 255.255.255.0

...but on the pc:

192.168.1.7 255.255.255.128:

> ----PC Settings----
> IP: 192.168.1.7
> Mask: 255.255.255.128 (same in rc.conf)
> Gateway: 192.168.1.2
> Dns: x.x.88.17
> Dns: 192.168.1.2

I'm not convinced that there still isn't a cabling issue.
I don't use NAT, so perhaps someone else can help with any config issues,
but I would find out/fix what is causing the traffic to be received on
the wrong interface first.

Also, I just noticed in your original post that there appears to be
another clerical error. Again, I don't know ipnat, but I would suspect
that this:

map fxp0 192.168.0.0/16 -> 0/32

should really be this:

map fxp0 192.168.0.0/24 -> 0/32

Aside from that, are you sure that this entry shouldn't be:

map rl0 192.168.0.0/24 -> 0/32

?

Again, I don't know ipnat, but to me, in the fxp0 entry, it looks like
you are trying to map the 192 space coming INTO fxp0 (which in your
original post is the NIC that faces the ISP, not the internal network).
If this is how ipnat looks at this, then this is also a problem.

Steve
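Added example, not part of Steve's message or the thread: a Python check of the two settings the reply questions, namely whether the gateway and PC masks agree on what is on-link, and which LAN addresses fall inside the source prefix of each `map` rule. The function names and the third rule (192.168.1.0/24) are constructed for illustration, and the code assumes the prefix left of `->` is matched against packet source addresses.

```python
import ipaddress

# Constructed from the addresses and masks quoted in the thread.
GATEWAY = ipaddress.ip_interface("192.168.1.2/255.255.255.0")
PC = ipaddress.ip_interface("192.168.1.7/255.255.255.128")

def on_link(iface, peer):
    """True if a host configured as `iface` sends to `peer` directly (no router)."""
    return ipaddress.ip_address(peer) in iface.network

def disputed_range(a, b):
    """Networks one side treats as on-link while the other routes via its gateway."""
    wide, narrow = sorted((a.network, b.network), key=lambda n: n.prefixlen)
    if wide == narrow:
        return []
    if not narrow.subnet_of(wide):
        raise ValueError(f"{a} and {b} are not in nested networks")
    return sorted(wide.address_exclude(narrow))

def parse_map(rule):
    """Parse only the simple 'map IF SRC -> DST' form used in the thread."""
    fields = rule.split()
    if len(fields) != 5 or fields[0] != "map" or fields[3] != "->":
        raise ValueError(f"unsupported rule: {rule!r}")
    return fields[1], ipaddress.ip_network(fields[2]), fields[4]

def unmatched_hosts(rule, hosts):
    """LAN addresses that fall outside the rule's source prefix."""
    _, src, _ = parse_map(rule)
    return [h for h in hosts if ipaddress.ip_address(h) not in src]

if __name__ == "__main__":
    print("PC reaches gateway directly:", on_link(PC, GATEWAY.ip))
    print("gateway reaches PC directly:", on_link(GATEWAY, PC.ip))
    print("disputed range:", disputed_range(GATEWAY, PC))
    lan = ["192.168.1.2", "192.168.1.7"]
    for rule in ("map fxp0 192.168.0.0/16 -> 0/32",
                 "map fxp0 192.168.0.0/24 -> 0/32",
                 "map fxp0 192.168.1.0/24 -> 0/32"):  # third rule is constructed
        print(rule, "-> unmatched:", unmatched_hosts(rule, lan))
```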