Date:      Fri, 6 Jun 2014 23:22:46 -0700 (PDT)
From:      None Secure <none_secure@yahoo.com>
To:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?
Message-ID:  <1402122166.37214.YahooMailNeo@web162101.mail.bf1.yahoo.com>

I've built a lot of gateways/routers with FreeBSD - but they have always been with real, routable IPs.

External IP is real, internal IP is real, and all I need is gateway_enable="yes" and a next-hop route from my ISP.

No NAT, no divert, no ipfw rules, nothing.

BUT, what if my ISP is giving me a private IP, and my internal network is also private IPs ?  External gateway address is 192.168.1.2 and internal gateway address is 10.10.10.1 ... the ONLY way I could make this work is with natd and ipfw divert rules.

My question is:  is it possible to have a network of non-routable IPs, and a gateway with non-routable IPs on internal and external interfaces, and NOT use natd/divert ?  Can it be done with no ipfw rules at all, just like I used to ?

Thanks.
From owner-freebsd-net@FreeBSD.ORG  Sat Jun  7 06:28:31 2014
Message-ID: <1402122333.57974.YahooMailNeo@web162101.mail.bf1.yahoo.com>
Date: Fri, 6 Jun 2014 23:25:33 -0700 (PDT)
From: None Secure <none_secure@yahoo.com>
Reply-To: None Secure <none_secure@yahoo.com>
Subject: Does FreeBSD have the ability to properly forward UDP traffic ?
To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>

I would like very much to use sshuttle for an informal VPN.

However, sshuttle sets up a lot of complexity in order to route DNS requests over the ssh tunnel ... it uses divert rules for DNS traffic, and I don't think they even tested it because it fails to start or utilize natd.

The reason stated by the sshuttle project is that you can't just forward UDP traffic properly with BSD, like you can with Linux - they say it doesn't keep track of port numbers or connections properly.

Is this true ?

Or is it possible to properly forward UDP traffic with ipfw rules, and not use natd/divert ?

Thanks.
From owner-freebsd-net@FreeBSD.ORG  Sat Jun  7 06:33:19 2014
In-Reply-To: <1402122166.37214.YahooMailNeo@web162101.mail.bf1.yahoo.com>
References: <1402122166.37214.YahooMailNeo@web162101.mail.bf1.yahoo.com>
Date: Sat, 7 Jun 2014 09:33:18 +0300
Message-ID: <CAEW+oga5yUPdPeDOjj6o6-Hdw9bPFHY-XDvKn5i7yhbq8eO54w@mail.gmail.com>
Subject: Re: Can you create a FreeBSD gateway, with private IPs, without NAT/divert ?
From: Sami Halabi <sodynet1@gmail.com>
To: None Secure <none_secure@yahoo.com>
Cc: freebsd-net@freebsd.org

Apparently from your mail you don't need anything since your ISP is making
the NAT.

Sami
On 7 Jun 2014 09:25, "None Secure via freebsd-net" <freebsd-net@freebsd.org> wrote:

> I've built a lot of gateways/routers with FreeBSD - but they have always
> been with real, routable IPs.
>
> External IP is real, internal IP is real, and all I need is
> gateway_enable="yes" and a next-hop route from my ISP.
>
> No NAT, no divert, no ipfw rules, nothing.
>
> BUT, what if my ISP is giving me a private IP, and my internal network is
> also private IPs ?  External gateway address is 192.168.1.2 and internal
> gateway address is 10.10.10.1 ... the ONLY way I could make this work is
> with natd and ipfw divert rules.
>
> My question is:  is it possible to have a network of non-routable IPs, and
> a gateway with non-routable IPs on internal and external interfaces, and
> NOT use natd/divert ?  Can it be done with no ipfw rules at all, just like
> I used to ?
>
> Thanks.
>
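
The addresses in this thread, put through a small routing model to show what forwarding without NAT on the FreeBSD box depends on (an added example, not code from any poster or from FreeBSD). The upstream router address 192.168.1.1, the client 10.10.10.5 and the node names are assumptions; only 192.168.1.2 and 10.10.10.1 come from the thread.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: returns a gateway IP, "direct", or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None

def trace(nodes, start, dst, max_hops=8):
    """Follow a packet hop by hop; returns (delivered, path of node names)."""
    owner = {ip: name for name, n in nodes.items() for ip in n["addrs"]}
    here, path = start, [start]
    for _ in range(max_hops):
        node = nodes[here]
        if dst in node["addrs"]:
            return True, path
        if here != start and not node["forward"]:
            return False, path   # transit packet on a box that does not forward
        via = next_hop(node["routes"], dst)
        target = dst if via == "direct" else via
        if target not in owner:
            return False, path   # no route, or next hop outside the model
        here = owner[target]
        path.append(here)
    return False, path

def build(return_route, gateway_enable=True):
    """Constructed topology: host -> FreeBSD gateway -> upstream (ISP) router."""
    isp = [("192.168.1.0/24", "direct")]   # Internet side left out of the model
    if return_route:
        isp.append(("10.10.10.0/24", "192.168.1.2"))   # route back to the LAN
    return {
        "host": {"addrs": {"10.10.10.5"}, "forward": False,
                 "routes": [("10.10.10.0/24", "direct"),
                            ("0.0.0.0/0", "10.10.10.1")]},
        "gw": {"addrs": {"10.10.10.1", "192.168.1.2"}, "forward": gateway_enable,
               "routes": [("10.10.10.0/24", "direct"),
                          ("192.168.1.0/24", "direct"),
                          ("0.0.0.0/0", "192.168.1.1")]},
        "isp": {"addrs": {"192.168.1.1"}, "forward": True, "routes": isp},
    }

if __name__ == "__main__":
    print(trace(build(True), "host", "192.168.1.1"))    # outbound
    print(trace(build(True), "isp", "10.10.10.5"))      # reply, route present
    print(trace(build(False), "isp", "10.10.10.5"))     # reply, route missing
```

The model covers routing only; whether the upstream device also translates 10.10.10.0/24 sources toward the Internet is outside it.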


