From: "Jakub T"
To: "Luke Dean"
Cc: freebsd-questions@freebsd.org
Subject: Re: Port forwarding behind two routers
Date: Wed, 19 Nov 2008 02:46:01 +0100

2008/11/15 Luke Dean

>
> Port-forwarding through two NATs is something I've never had any success
> with. I have a few suggestions that have worked for me and my friends with
> this setup.
>
> A) Disable NAT on the ADSL router. I think the term is "bridged mode".
> Turn it into a dumb box and shift all the NAT/firewall/routing
> responsibilities over to your wireless router. Depending on your ISP, the
> hardware, and the protocols involved, this may not be an option for you.
>
> B) Disable NAT on the wireless router. This allows it to be a simple
> switch and wireless access point. The price is that you're probably relying
> on the DHCP server in the wireless router for your wireless devices and
> you'll have to disable the DHCP when you disable NAT. This creates new
> problems to be solved.
>
> C) Plug the FreeBSD box into the ADSL router, skipping the wireless router.
> Your wireless devices will still be double-NATted, but if you're not
> running servers on them, you might be able to live with that.
>
>

Luke,

Thank you very much, your advice was very helpful and I now have a working
port forwarding through two routers. Sorry for the delay in answering, it
took me some time to test various options...

Actually your (A) advice is what did the job. I turned off the DHCP server
on the ADSL router and enabled the "NAT - DMZ Host" option on it (which I
realized was the closest to your description of "bridged mode"). Then I
configured the wireless router to use a static IP config instead of
expecting a DHCP server.
The situation is now this:

  INTERNET
     |
  telephone/adsl-wire
     |
     |
  ADSL router
  wan : xx.xx.xx.xx                             FreeBSD box (wired)
  lan : 192.168.1.1                             ip: 192.168.0.102
     |                  laptop                  gateway: 192.168.0.1
     |                  (wireless)                  |
  [internet plug]       ip: 192.168.0.101           |
  Wireless router       gateway: 192.168.0.1        |
  wan : 192.168.1.2           :                     |
  lan : 192.168.0.1 . . . . . :                     |
  [ethernet plug]                                   |
     |                                              |
     +----------------------------------------------+

DMZ host for ADSL router is 192.168.1.2 -- and it works!

I have one more question (forgive my ignorance): now the wireless router is
configured to use a static IP config and I must provide one or more "Static
DNS servers" to it. Is it ok to type just "192.168.1.1" as DNS (which works
for now) or to copy the DNS servers which are automatically provided to the
ADSL router by the ISP?

Once again, thank you.

Jakub