Date: Mon, 26 May 2003 13:48:03 -0300 (BRT)
From: "Paiva, Gilson de" <g-paiva@el.com.br>
To: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Subject: SOLVED: 3 NICs NAT setup, almost there ...
Message-ID: <1156.192.168.1.194.1053967683.squirrel@intranet.el.com.br>
I could get this working by:

natd.conf:

    redirect_address 192.168.1.x public_address
    same_ports yes
    unregistered_only yes
    use_sockets yes

The secret, thanks to Barney Wolff, is to run two instances of nat, but the
real trick is -alias_address public_address on rl0 packets, this way:

    /sbin/natd -f /etc/natd.conf -n ep0
    /sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address

and

    ipfw add xxx divert 8668 all from any to any via ep0
    ipfw add xxx divert 8669 all from any to any via rl0

Thanks Barney!

>
>> On Fri, May 23, 2003 at 12:45:39PM -0300, Paiva, Gilson de wrote:
>>> Hi,
>>>
>>> Take this scenario:
>>>
>>>
>>>            xxx/26                     yyy/26
>>> internet --- ep0    freebsd    rl0 --- wired clients
>>>                       ep1
>>>                        |  private ip ( 192.168.1.0/24 )
>>>                        |
>>>                     wireless
>>>
>>> I have to nat packets with destination to an ip xxx/26 to an ip at private
>>> ip net. So far so good with "common" redirect_address nat
>>> configuration.
>>> The problem happens with traffic between net yyy/26 and the private
>>> network ( and vice-versa ) because packets get routed to destination
>>> before they get translated by natd.
>>> What's the secret ? I tried everything I knew and learned from reading
>>> but no setup could work out.
>>
>> I'd use ipfw and natd, and run two instances of natd listening on different
>> divert sockets. Rules in ipfw can divert the packets to the right natd
>> depending on where the packets are coming from or going to.
>>
>> --
>> Barney Wolff http://www.databus.com/bwresume.pdf
>> I'm available by contract or FT, in the NYC metro area or via the 'Net.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Paiva, Gilson de           Domingos Martins
mailto:npd@el.com.br       Brazil
http://www.el.com.br/      E&L Producoes de Software
http://www.FreeBSD.org/    FreeBSD: The Power to Serve
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
------------------------------------------------------------------------------
Legal Notice:
This message may not officially express the ideas or wishes of the company
E&L Producoes de Software; its author alone is responsible for it.
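
The two-natd setup in the message above depends on every ipfw divert port having a natd instance bound to it; packets diverted to a port with no listening socket are dropped (divert(4)). The following consistency check is an added example, not part of the original message: the function names, rule numbers, the address 192.0.2.10 and the sample inputs are constructed, and it assumes ports appear as numbers.

```sh
#!/bin/sh
# Added example: cross-check ipfw divert rules against natd instances.
# On a live FreeBSD host the inputs would come from `ipfw list` and
# `ps -axww -o command`; here they are constructed samples.

NATD_DEFAULT_PORT=8668   # natd binds here when no -p/-port is given

# stdin: ipfw rule listing -> stdout: divert ports referenced by the rules
divert_ports() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "divert") print $(i + 1) }' | sort -un
}

# stdin: process command lines -> stdout: port each natd instance binds to
natd_ports() {
    awk -v def="$NATD_DEFAULT_PORT" '
        $1 ~ /(^|\/)natd$/ {
            port = def
            for (i = 2; i < NF; i++)
                if ($i == "-p" || $i == "-port") port = $(i + 1)
            print port
        }' | sort -un
}

# $1 = ipfw listing, $2 = natd command lines
# stdout: divert ports with no natd listener (empty means consistent)
unserved_ports() {
    rules=$(printf '%s\n' "$1" | divert_ports)
    natds=$(printf '%s\n' "$2" | natd_ports)
    for p in $rules; do
        printf '%s\n' "$natds" | grep -qx "$p" || echo "$p"
    done
}

# Constructed sample: the rule set from the message, with made-up rule numbers.
SAMPLE_RULES='00100 divert 8668 ip from any to any via ep0
00200 divert 8669 ip from any to any via rl0
65535 allow ip from any to any'
# Constructed sample: both instances as in the message.
SAMPLE_NATD_OK='/sbin/natd -f /etc/natd.conf -n ep0
/sbin/natd -f /etc/natd.conf -p 8669 -alias_address 192.0.2.10'
# Constructed sample: second instance started without -p 8669.
SAMPLE_NATD_BAD='/sbin/natd -f /etc/natd.conf -n ep0
/sbin/natd -f /etc/natd.conf -alias_address 192.0.2.10'

missing=$(unserved_ports "$SAMPLE_RULES" "$SAMPLE_NATD_BAD")
[ -z "$missing" ] || echo "no natd listening on divert port(s): $missing"
```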