Date:      Mon, 21 Nov 2005 12:54:36 -0600
From:      "Paul T. Root" <ptroot@iaces.com>
To:        stable@freebsd.org
Subject:   tunnels through a NAT device
Message-ID:  <438217EC.7010905@iaces.com>

I sent this out Saturday from home, but it doesn't
look like it went out...


-------- Original Message --------
Message-ID: <437FBAB2.9070907@iaces.com>
Date: Sat, 19 Nov 2005 17:52:18 -0600
From: Paul Root <ptroot@iaces.com>
User-Agent: Thunderbird 1.5 (Macintosh/20051025)
MIME-Version: 1.0
To: freebsd-stable <freebsd-stable@freebsd.org>
Subject: tunnels through a NAT device
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I'm trying to set up an encrypted tunnel
between 2 FreeBSD machines. Yesterday, I
did get the tunnel up between two machines
on the same network, and got it encrypted.
Pretty easy following the handbook.

Now, I have a machine at home behind a
DSL modem (Actiontec) that NATs everything.
I've made the machine the DMZ host for
the Actiontec, which basically passes all
ports not otherwise directed to the machine.

The machines are both Sparcs. I'm using
aliases for routing.

Internet machine:

hme0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         options=b<RXCSUM,TXCSUM,VLAN_MTU>
         inet A.B.C.D netmask 0xffffffe0 broadcast A.B.C.Z
         inet6 fe80::a00:20ff:fec0:3fe1%hme0 prefixlen 64 scopeid 0x1
         inet 192.168.99.1 netmask 0xffffffff broadcast 192.168.99.1
         ether 08:00:20:c0:3f:e1
         media: Ethernet autoselect (10baseT/UTP)
         status: active

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
         tunnel inet A.B.C.D --> E.F.G.H
         inet6 fe80::a00:20ff:fec0:3fe1%gif0 prefixlen 64 scopeid 0x3
         inet 192.168.99.1 --> 192.168.90.250 netmask 0xffffffff



home NATed machine:
hme0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         options=b<RXCSUM,TXCSUM,VLAN_MTU>
         inet6 fe80::a00:20ff:fec0:5061%hme0 prefixlen 64 scopeid 0x1
         inet 192.168.0.250 netmask 0xffffff00 broadcast 192.168.0.255
         inet 192.168.90.250 netmask 0xffffffff broadcast 192.168.90.250
         ether 08:00:20:c0:50:61
         media: Ethernet autoselect (100baseTX)
         status: active

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
         tunnel inet E.F.G.H --> A.B.C.D
         inet6 fe80::a00:20ff:fec0:5061%gif0 prefixlen 64 scopeid 0x3
         inet 192.168.90.250 --> 192.168.99.1 netmask 0xffffffff




Now this works, exactly like this, on two machines that are not
NATed.

E.F.G.H is the address of the DSL modem on the outside. I've tried
setting the home machine's gif0 interface to both E.F.G.H and
192.168.0.250 going to A.B.C.D. Obviously, the internet machine has
to point to E.F.G.H.

Should I set the alias of hme0 on the home machine to E.F.G.H?

Is there a way to do this?





-- 
    ______	Paul T. Root
   /    _ \  	1977 MGB
  /  /||  \\
||\/ ||  _ |
||   ||   ||
  \   ||__//
   \______/



