From: "Paiva, Gilson de"
To: freebsd-net@freebsd.org, freebsd-questions@freebsd.org
Date: Mon, 26 May 2003 13:48:03 -0300 (BRT)
Subject: SOLVED: 3 NICs NAT setup, almost there ...
Message-ID: <1156.192.168.1.194.1053967683.squirrel@intranet.el.com.br>

I could get this working by:

natd.conf:

    redirect_address 192.168.1.x public_address
    same_ports yes
    unregistered_only yes
    use_sockets yes

The secret, thanks to Barney Wolff, is to run two instances of nat, but the real trick is -alias_address public_address on rl0 packets, this way:

    /sbin/natd -f /etc/natd.conf -n ep0
    /sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address

and

    ipfw add xxx divert 8668 all from any to any via ep0
    ipfw add xxx divert 8669 all from any to any via rl0

Thanks Barney!

>> On Fri, May 23, 2003 at 12:45:39PM -0300, Paiva, Gilson de wrote:
>>> Hi,
>>>
>>> Take this scenario:
>>>
>>>             xxx/26        yyy/26
>>> internet --- ep0  freebsd  rl0 --- wired clients
>>>                     ep1
>>>                      |  private ip ( 192.168.1.0/24 )
>>>                      |
>>>                   wireless
>>>
>>> I have to nat packets with destination to an ip xxx/26 to an ip at private
>>> ip net. So far so good with "common" redirect_address nat
>>> configuration.
>>> The problem happens with traffic between net yyy/26 and the private
>>> network (and vice-versa) because packets get routed to destination
>>> before they get translated by natd.
>>> What's the secret? I tried everything I know and learned from reading
>>> but no setup could work out.
>>
>> I'd use ipfw and natd, and run two instances of natd listening on different
>> divert sockets. Rules in ipfw can divert the packets to the right natd
>> depending on where the packets are coming from or going to.
>>
>> --
>> Barney Wolff http://www.databus.com/bwresume.pdf
>> I'm available by contract or FT, in the NYC metro area or via the 'Net.
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Paiva, Gilson de            Domingos Martins
> mailto:npd@el.com.br        Brazil
> http://www.el.com.br/       E&L Producoes de Software
> http://www.FreeBSD.org/     FreeBSD: The Power to Serve
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> Legal Notice:
> This message may not officially express the ideas or wishes of the company
> E&L Producoes de Software; its author alone is responsible for it.
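As an added example (not part of the original message), here is a small sh check that reads `ipfw list` output and confirms each interface is diverted to its own natd port, which is what the two-instance setup above depends on. The sample rule listing and its rule numbers are constructed (the message elides them as "xxx"), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ipfw list` output for the two-natd layout.
# Rule numbers 00050/00060 are placeholders, not values from the message.
SAMPLE_RULES='00050 divert 8668 ip from any to any via ep0
00060 divert 8669 ip from any to any via rl0
65535 allow ip from any to any'

# divert_port_for RULES IFACE
# Prints the divert port of the first divert rule bound with "via IFACE",
# or nothing when no such rule exists.
divert_port_for() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $2 == "divert" {
            for (i = 4; i < NF; i++)
                if ($i == "via" && $(i + 1) == ifc) { print $3; exit }
        }'
}

# check_layout RULES IFACE:PORT [IFACE:PORT ...]
# Returns 0 only when every interface is diverted to its expected port
# and no two interfaces are expected to share one natd port.
check_layout() {
    rules=$1; shift
    seen=""
    rc=0
    for pair in "$@"; do
        ifc=${pair%%:*}
        want=${pair##*:}
        got=$(divert_port_for "$rules" "$ifc")
        if [ -z "$got" ]; then
            echo "MISSING: no divert rule via $ifc"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "WRONG: $ifc diverts to $got, expected $want"; rc=1
        fi
        case " $seen " in
            *" $want "*) echo "SHARED: port $want listed twice"; rc=1 ;;
        esac
        seen="$seen $want"
    done
    return $rc
}

# 8668 is natd's default divert port (first instance), 8669 the second.
check_layout "$SAMPLE_RULES" ep0:8668 rl0:8669 && echo "divert layout ok"
```

On a live host the same check runs as `check_layout "$(ipfw list)" ep0:8668 rl0:8669`.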