Complicated NAT setup

Paul Webster paul.g.webster at googlemail.com
Wed Apr 5 11:47:53 UTC 2017


Thought I would post in case someone ends up in a similar situation; I
changed the NAT rules to be:

# xBox redirection
nat on $josh_if from $josh_xbox to any -> ($josh_if)   # NAT the Xbox out via gre0 (outbound)
rdr on $josh_if from any to ($josh_if) -> $josh_xbox    # Redirect everything received on gre0 to the Xbox (inbound)

and working :)

Thank you for the hand out, Max


On 5 April 2017 at 11:10, Paul Webster <paul.g.webster at googlemail.com>
wrote:

> I just read over my first post; a note would be that it does work
> perfectly outbound, the only thing not working is ICMP and UDP inbound
>
> On 5 April 2017 at 10:34, Paul Webster <paul.g.webster at googlemail.com>
> wrote:
>
>> Thank you for the fast reply, Mark; here is a list of interfaces with
>> their relative IPs:
>>
>> GW1(local lan gateway):
>>  lo0: 127.0.0.1 ::1
>>  igb0: 86.5.192.180 (public_ip)
>>  igb1: 172.31.33.1/24 (private lan)
>>  msk0: unused/192.168.0.1
>>  tun0: 172.19.20.2
>>  gre0: 10.0.0.1 (via igb0)
>>
>> GW2(vps remote gateway):
>>  lo0: 127.0.0.1 ::1
>>  vio0: 185.157.232.30
>>  gre0: 10.0.0.2 (via vio0)
>>
>> Xbox1 ( GW1[igb1->gre0] -> GW2[gre0->vio0] ):
>>  lo0: 127.0.0.1 ::1
>>  vtnet0: 172.31.33.254
>>
>> NOTE: xbox1 in this case is really FreeBSD 12-CURRENT with the forced IP
>> 172.31.33.254, because the Xbox really is too restrictive for debug purposes;
>> all it requires is that I set the correct dhcp-host on GW1 to make
>> xbox1 172.31.33.254, though.
>>
>> Also, $localnet is really { 172.31.33.2-200 }, so when the Xbox is 172.31.33.254
>> it is not going out via the primary NAT rule; it is instead getting caught by
>>
>> pass in quick on $int_if from $josh_xbox rtable 1       # Swap packets from the Xbox to the fib1 routing table
>>
>> and the corresponding NAT further up the ruleset; the 'default route' of
>> 'fib 1' is 10.0.0.2.
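As an added example (not the poster's ruleset): the GW1 pieces mentioned in this thread assembled in the order FreeBSD pf requires, plus the GW2 side, which the thread does not show. Macro values are taken from the interface list above; the GW2 rules, the SSH port carve-out and the protocol list on GW2's catch-all rdr are assumptions, added so the redirect does not swallow the GRE packets that form the tunnel or the VPS's own management traffic.

```pf
# ===== /etc/pf.conf on GW1 (local LAN gateway) =====
# Macro values come from the interface list in the thread.
ext_if    = "igb0"                   # public interface
int_if    = "igb1"                   # private LAN
josh_if   = "gre0"                   # tunnel to GW2: 10.0.0.1 local, 10.0.0.2 remote
josh_xbox = "172.31.33.254"
localnet  = "{ 172.31.33.2 - 172.31.33.200 }"   # deliberately excludes the Xbox

# Translation rules: FreeBSD pf needs these before the filter rules.
nat on $ext_if from $localnet to any -> ($ext_if)     # primary NAT for the LAN
nat on $josh_if from $josh_xbox to any -> ($josh_if)  # Xbox out via the tunnel
rdr on $josh_if from any to ($josh_if) -> $josh_xbox  # all inbound on the tunnel -> Xbox

# Filter rules. "rtable 1" hands the Xbox's packets to FIB 1, whose default
# route is 10.0.0.2 (needs net.fibs>=2 and "setfib 1 route add default 10.0.0.2").
# Its packets then leave via gre0, so the nat rule on $ext_if never sees them.
pass in quick on $int_if from $josh_xbox rtable 1
# rdr has already rewritten the destination, so filter on the Xbox address.
# pf's default stateful tracking is what carries ICMP and UDP replies back.
pass in  quick on $josh_if to $josh_xbox
pass out quick on $josh_if from $josh_xbox

# ===== /etc/pf.conf on GW2 (VPS) -- assumed, the thread shows only GW1 =====
ext_if  = "vio0"
tun_if  = "gre0"
gw1_pub = "86.5.192.180"
gw1_tun = "10.0.0.1"

nat on $ext_if from $gw1_tun to any -> ($ext_if)      # Xbox traffic leaves with the VPS address
# Carve-outs before the catch-all: the VPS's own SSH (assumed port) stays
# reachable, and limiting the redirect to tcp/udp/icmp keeps the GRE packets
# that carry the tunnel itself from being redirected into the tunnel they form.
no rdr on $ext_if proto tcp from any to ($ext_if) port 22
rdr on $ext_if proto { tcp udp icmp } from any to ($ext_if) -> $gw1_tun

pass in  quick on $ext_if proto gre from $gw1_pub to ($ext_if)   # the tunnel
pass in  quick on $ext_if to $gw1_tun                            # redirected traffic
pass in  quick on $tun_if from $gw1_tun                          # Xbox traffic arriving from GW1
```

Load each file on its own gateway with pfctl -nf to syntax-check before pfctl -f, and confirm the FIB with setfib 1 netstat -rn.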


More information about the freebsd-pf mailing list