Date: Sun, 26 Oct 2003 14:01:49 +0100
From: Nils Vogels <nivo+sender+8eb026@yuckfou.org>
Cc: freebsd-net@freebsd.org
Subject: Re: Reverse IP NAT to secondary IP address
Message-ID: <3F9BC5BD.2040804@yuckfou.org>
In-Reply-To: <1067144856.121773.17159.nullmailer@cicuta.babolo.ru>
References: <1067144856.121773.17159.nullmailer@cicuta.babolo.ru>
"."@babolo.ru wrote: >>Since I have the internet on the same interface, but on the primary IP >>instead, would enabling ARP PROXY not fill the ARP table with every host >>on the internet, that tries to contact the gateway ? >> >> >Are you using default route? >If yes, only default router's MAC used for every external IP. > > > OK, great. >>>No NAT is needed. >>> >>> >>> >>I just tried this, but unfortunately, the same thing happens as with >>ipfilter: >> >>The primary address of the interface ed0 on the gateway (the public >>adress) is used to forward the arp request. >> >>Taken from a dump on the gateay, when attempting telnet: >> >>Incoming on rl0: >>03:35:05.867883 192.168.0.2.1511 > 192.168.2.2.23: S >>1377718084:1377718084(0) win 57344 <mss 1460> (DF) [tos 0x10] >> >>Outgoing on ed0: >>03:35:05.868333 195.0.0.1.15009 > 192.168.2.2.23: S >>1377718084:1377718084(0) win 57344 <mss 1460> (DF) [tos 0x10] >> >> >No NAT is needed. >Just allow 192.168.0.2 <-> 192.168.2.2 flow directly, >not via NAT > > I just changed my ipnat rule to: map ed0 from 192.168.0.0/24 ! to 192.168.0.0/16 -> 0/32 map ed0 from 192.168.0.0/24 ! to 192.168.0.0/16 -> 0/32 portmap tcp/udp 15000:19999 And this is now working. Thanks a bunch! ;-)
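
The effect of the "! to 192.168.0.0/16" clause in the rules posted above, as an added example that is not part of the original message: a small Python model (not ipnat itself) that parses only this rule form and reports whether a packet leaving an interface would have its source address rewritten. The address 203.0.113.10 used in the checks is a constructed stand-in for an internet host.

```python
import ipaddress
import re

# The two map rules exactly as posted in the message.
POSTED_RULES = """\
map ed0 from 192.168.0.0/24 ! to 192.168.0.0/16 -> 0/32
map ed0 from 192.168.0.0/24 ! to 192.168.0.0/16 -> 0/32 portmap tcp/udp 15000:19999
"""

# Handles only the "map IF from SRC [!] to DST -> TARGET [portmap ...]" form.
RULE_RE = re.compile(
    r"map\s+(?P<ifname>\S+)\s+from\s+(?P<src>\S+)\s+(?P<neg>!\s*)?to\s+(?P<dst>\S+)"
    r"\s+->\s+(?P<target>\S+)(?:\s+portmap\s+(?P<protos>\S+)\s+\d+:\d+)?$"
)


def parse_rules(text):
    """Parse rule lines into dicts; reject anything outside the modelled form."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append({
            "ifname": m["ifname"],
            "src": ipaddress.ip_network(m["src"]),
            "dst": ipaddress.ip_network(m["dst"]),
            "negate_dst": m["neg"] is not None,
            # No portmap clause: the rule applies to every protocol.
            "protos": set(m["protos"].split("/")) if m["protos"] else None,
        })
    return rules


def is_translated(rules, out_if, src, dst, proto="tcp"):
    """True if any rule would rewrite this packet's source address."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        dst_hit = (dst in r["dst"]) != r["negate_dst"]  # "!" inverts the match
        proto_ok = r["protos"] is None or proto in r["protos"]
        if r["ifname"] == out_if and src in r["src"] and dst_hit and proto_ok:
            return True
    return False


RULES = parse_rules(POSTED_RULES)
# The telnet flow from the dump: destination is inside 192.168.0.0/16, so no NAT.
print(is_translated(RULES, "ed0", "192.168.0.2", "192.168.2.2"))
# Same host talking to a constructed internet address: source is rewritten.
print(is_translated(RULES, "ed0", "192.168.0.2", "203.0.113.10"))
```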