NATd issue
David DU SERRE TELMON
david at xinus.net
Sun Dec 25 02:24:56 PST 2005
Hi,
I have the network below:
192.168.2.0/23
|
192.168.3.454 FreeBSD
x.x.x.x router 1 (dialup)
|
Internet
|
y.y.y.y FreeBSD
10.0.0.254 router 2
|
10.0.0.0/24
Each gateway runs racoon.
Each network can go on the Internet.
VPN is ok.
I would like to NAT packets from 192.168.2.0/23 to 10.0.0.0/24 with IP
192.168.3.254 on router 1 (or 10.0.0.254 if it's possible). The VPN
interface is gif5 on router 1.
My ipfw rules:
dialup:~# ipfw show | grep 8670
00650 4 400 divert 8670 ip from 192.168.2.0/23 to 10.0.0.0/24
00660 4 400 divert 8670 ip from 10.0.0.0/24
natd in debug mode:
dialup:~# natd -v -p natd-vpn -interface gif5
natd[42308]: Aliasing to 192.168.3.254, mtu 1280 bytes
In [ICMP] [ICMP] 192.168.3.82 -> 10.0.0.1 8(0) aliased to
[ICMP] 192.168.3.82 -> 10.0.0.1 8(0)
Out [ICMP] [ICMP] 10.0.0.1 -> 192.168.3.82 0(0) aliased to
[ICMP] 10.0.0.1 -> 192.168.3.82 0(0)
gif5 is the VPN tunnel interface:
dialup:~# ifconfig gif5
gif5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet x.x.x.x --> y.y.y.y
inet 192.168.3.254 --> 10.0.0.254 netmask 0xffffffff
As you can see, packets are not translated with IP 192.168.3.54.
Same result with natd -p natd-vpn -a 192.168.3.254.
I think the solution will be with -reverse; when I use it, packets are
NATed (ping from 192.168.3.61 to 10.0.0.1):
dialup:/etc# natd -v -p natd-vpn -reverse -interface gif5
natd[43271]: Aliasing to 192.168.3.254, mtu 1280 bytes
In [ICMP] [ICMP] 192.168.3.61 -> 10.0.0.1 8(0) aliased to
[ICMP] 192.168.3.254 -> 10.0.0.1 8(0)
tcpdump on the remote gateway:
11:26:44.641090 IP 192.168.3.254 > 10.0.0.1: icmp 64: echo request seq 0
11:26:44.641240 IP 10.0.0.1 > 192.168.3.254: icmp 64: echo reply seq 0
But I haven't got any reply on the local site (192.168.2.0/23); I haven't got
any packet OUT on natd.
David.
Thanks!
Have a nice Christmas!
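As an added diagnostic (not part of David's post or of natd itself), a small Python parser for the natd -v output quoted above: it classifies each two-line record as untouched, aliased (LAN source rewritten to the alias address) or unaliased (reply rewritten back to the LAN host), and lists LAN hosts whose aliased request got no translated reply, which is the symptom of the second run. The sample logs are the records from the post; the alias address 192.168.3.254 and the LAN 192.168.2.0/23 are taken from it.

```python
import ipaddress
import re

# One natd -v record spans two lines, in the form quoted in the post:
#   In [ICMP] [ICMP] 192.168.3.82 -> 10.0.0.1 8(0) aliased to
#   [ICMP] 192.168.3.82 -> 10.0.0.1 8(0)
RECORD = re.compile(
    r"(?P<dir>In|Out) \[(?P<proto>\w+)\] \[\w+\] "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+) \S+ aliased to\s+"
    r"\[\w+\] (?P<asrc>[\d.]+) -> (?P<adst>[\d.]+)"
)

def classify(log, alias_ip, lan_cidr):
    """One (direction, proto, before, after, status) tuple per record; status is
    'aliased' (LAN src -> alias_ip), 'unaliased' (alias_ip dst -> LAN host) or 'untouched'."""
    lan = ipaddress.ip_network(lan_cidr)
    rows = []
    for m in RECORD.finditer(log):
        r = m.groupdict()
        before, after = (r["src"], r["dst"]), (r["asrc"], r["adst"])
        status = "other"  # translated, but not between the LAN and alias_ip
        if before == after:
            status = "untouched"
        elif ipaddress.ip_address(r["src"]) in lan and r["asrc"] == alias_ip:
            status = "aliased"
        elif r["dst"] == alias_ip and ipaddress.ip_address(r["adst"]) in lan:
            status = "unaliased"
        rows.append((r["dir"], r["proto"], before, after, status))
    return rows

def unanswered(rows):
    """LAN hosts whose aliased request never got a reply translated back to them."""
    replied = {after[1] for _, _, _, after, s in rows if s == "unaliased"}
    return sorted({b[0] for _, _, b, _, s in rows if s == "aliased" and b[0] not in replied})

# Constructed samples: the debug lines from the two natd runs in the post.
RUN_NO_REVERSE = """\
In [ICMP] [ICMP] 192.168.3.82 -> 10.0.0.1 8(0) aliased to
[ICMP] 192.168.3.82 -> 10.0.0.1 8(0)
Out [ICMP] [ICMP] 10.0.0.1 -> 192.168.3.82 0(0) aliased to
[ICMP] 10.0.0.1 -> 192.168.3.82 0(0)
"""
RUN_REVERSE = """\
In [ICMP] [ICMP] 192.168.3.61 -> 10.0.0.1 8(0) aliased to
[ICMP] 192.168.3.254 -> 10.0.0.1 8(0)
"""

if __name__ == "__main__":
    rows = classify(RUN_REVERSE, "192.168.3.254", "192.168.2.0/23")
    print([r[4] for r in rows], "no translated reply for:", unanswered(rows))
```

Feed it the output of a longer natd -v session (several hosts, TCP as well as ICMP) to see which side of the tunnel the untranslated or unanswered packets are on.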