Date:      Mon, 26 Feb 2001 02:19:54 -0500 (EST)
From:      Brent B.Powers <fbsdq@b2pi.com>
To:        cjclark@alum.mit.edu
Cc:        freebsd-questions@freebsd.org
Subject:   Re: With natd server, can't hit my own static IP's
Message-ID:  <15002.922.799479.686056@Sophie.B2Pi.com>
In-Reply-To: <20010225212349.Y89396@rfx-216-196-73-168.users.reflex>
References:  <bulk.28868.20010220215952@hub.freebsd.org> <20010221004746.Y62368@rfx-216-196-73-168.users.reflex> <15000.46171.122193.363607@Sophie.B2Pi.com> <20010225161353.S89396@rfx-216-196-73-168.users.reflex> <15001.58315.328789.634063@Sophie.B2Pi.com> <20010225212349.Y89396@rfx-216-196-73-168.users.reflex>

>>>>> "Crist" == Crist J Clark <cjclark@reflexnet.net> writes:

    Crist> On Mon, Feb 26, 2001 at 12:04:11AM -0500, Brent B. Powers
    Crist> wrote:
    >> >>>>> "Crist" == Crist J Clark <cjclark@reflexnet.net> writes:
    >> 
    Crist> On Sun, Feb 25, 2001 at 02:29:31AM -0500, Brent B. Powers
    Crist> wrote: [snip]
    >>  <snip>
    >> 
    Crist> I think I see what is going on here. That rule 350 was a
    Crist> bad idea on my part. Replies from 192.168.1.186 do not get
    Crist> put through NAT. What does,
    >>
    Crist> 00350 divert 8669 ip from any to any via rl0
    >>
    Crist> And running the internal natd with the '-reverse' option
    Crist> do?
    >>  Ummm, prevents all machines other than the gateway from
    >> connecting with each other, or anything. When I reverse the
    >> order of the nat rules, not much that's better happens, but it
    >> also nat's packets from the outside world (effectively
    >> reversing the original nat).

    Crist> Oh, yeah. Did I not say to turn off NAT on the external
    Crist> interface and only run it inside?

Ummm, huh??? In that case, won't the gateway (which has aliases for
all 8 of the static IP's I care about) just eat any packet bound from
the outside for one of those 8, and they (the packets bound for my
non-gateway servers) will never hit the interior interface.

<snip>


    >> I am beginning to wonder if this is actually possible via
    >> FreeBSD. You may recall from a couple of months ago when I was
    >> asking how to cause a server to act as a direct bridge (in
    >> other words, for any packet for an IP that it got on one nic
    >> that was not its own, throw the packet out the other
    >> nic. Then, with the proper arp proxying, this whole scenario
    >> works.

    Crist> Doing NAT on a bridge? That be whack.

That's the point... you don't do NAT. The gateway just arp proxies the
IPs, and shuffles the packets to the correct addresses (which are
directly connected to the interior IP).



