Date: Sat, 27 Apr 2002 18:42:49 -0700
From: Danny Howard <dannyman@toldme.com>
To: freebsd-questions@freebsd.org
Subject: ipfw/natd redirect external IP to protected net?
Message-ID: <20020427184249.B13388@pianosa.catch22.org>

Home network: DSL subnet -> FreeBSD ipfw/natd -> 10.net

Now I have a netscreen box, a VPN box which is meant to sit on a public address on the DSL subnet, in front of the firewall, and supply access to the 10.net at work. Unfortunately, it would be non-trivial for me to locate the Netscreen in front of the firewall, so I'm trying to figure out if there is a way for the firewall to provide access to its IP address as if it were not behind the firewall.

I am already using -redirect_address so that the firewall can bind an IP on the DSL subnet as an alias, and then redirect it to a machine on the 10.net. This is sub-optimal even in the case where I can give out a 10.net address, because the machine can't find itself unless it also aliases the public IP address. :/ THEN for some reason, other machines on the protected 10.net can't reach that machine either! :(

And, in this case, the netscreen COULDN'T bind a 10.net address because it's already tunneling a 10.net to us, and that's a paradox, I think.

ARGH! Any ideas? I think I have to crawl under the house with some CAT5 ...

-danny