Date: Sat, 7 Jun 2014 14:40:43 +0800
From: Erich Dollansky
To: None Secure
Subject: Re: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?
Cc: freebsd-net@freebsd.org

Hi,

On Fri, 6 Jun 2014 23:22:46 -0700 (PDT)
None Secure via freebsd-net wrote:

> BUT, what if my ISP is giving me a private IP, and my internal
> network is also private IPs ? External gateway address is
> 192.168.1.2 and internal gateway address is 10.10.10.1 ... the ONLY
> way I could make this work is with natd and ipfw divert rules.
>
> My question is: is it possible to have a network of non-routable
> IPs, and a gateway with non-routable IPs on internal and external
> interfaces, and NOT use natd/divert ? Can it be done with no ipfw
> rules at all, just like I used to ?

What should be the problem? I did this some time ago when the ISP gave us only a single IP address. The local machines connected to the gateway, the gateway connected via a second interface to the ISP. Of course, only the gateway was visible from outside.

If you want to access the internal machines from outside, you will need NAT.

Erich