IPF, NAT or NIC

Steve Bertrand steve at ibctech.ca
Fri Sep 18 14:08:52 UTC 2009


Freeco wrote:
> So it means that I will need 2 more NICs in my gateway?
> 
> 				|---------<pc>
> 				|
> ISP>-----------<Gateway>-----<Switch>-----<pc>
> 				|
> 				|_________<pc>
> 
> Why can't all PCs be in one subnet? I'll be happy with one subnet,

Ok. One of us is confused, but I don't know who yet :)

A 'subnet' is a term used to describe a portion of an IP address space,
where each device in that space can communicate with one another without
using a router:

192.168.1.0/24 is a subnet, so hosts 192.168.1.1 through 192.168.1.254
can 'speak' to each other without using a router. If you have more than
one PC, you need a 'switch' or hub to physically connect all of those
devices, so they can all speak to each other. (fwiw, I cringe at the
term subnet).

In the diagram above, you need two NICs in the gateway. One goes to the
ISP, and the other 192.168.1.2 goes to the switch. The rest of the
computers also plug into the switch. If all of the devices have
192.168.1.x, they are all in the same subnet.

> I don't
> need more. I tried this:
> 
> ISP x.x.88.17>-----------<x.x.88.20 Gateway 192.168.1.2>----------<pc cable
> unplugged 192.168.1.7>?

You need what's known as a 'cross-over' cable to connect the PC to the
Gateway directly. The first sentence in this link describes it well:

http://en.wikipedia.org/wiki/Ethernet_crossover_cable


> I want to use this one:
>                                                                                           
> |---------<pc 192.168.1.5>
>                                                                                           
> |
> ISP x.x.88.17>-----------<x.x.88.20 Gateway
> 192.168.1.2>-----<Switch>-----<pc 192.168.1.6>
>                                                                                           
> |
>                                                                                           
> |_________<pc 192.168.1.7> 
> 

The diagram got mangled, but from what I can tell, this is the same as
the diagram I left at the top of this message.

> The gateway will work as a firewall and NAT. Maybe I have the wrong settings on
> my PC?

You do. Although technically it will work, you have in your gateway:

192.168.1.2 255.255.255.0

...but on the pc:

192.168.1.7 255.255.255.128:

> ----PC Settings----
> IP: 192.168.1.7
> Mask: 255.255.255.128 (same in rc.conf)
> Gateway: 192.168.1.2
> Dns: x.x.88.17
> Dns: 192.168.1.2

I'm not convinced that there still isn't a cabling issue. I don't use
NAT, so perhaps someone else can help with any config issues, but I
would find out/fix what is causing the traffic to be received on the
wrong interface first.

Also, I just noticed in your original post that there appears to be
another clerical error. Again, I don't know ipnat, but I would suspect
that this:

map fxp0 192.168.0.0/16 -> 0/32

should really be this:

map fxp0 192.168.0.0/24 -> 0/32

Aside from that, are you sure that this entry shouldn't be:

map rl0 192.168.0.0/24 -> 0/32

? Again, I don't know ipnat, but to me, in the fxp0 entry, it looks like
you are trying to map the 192 space coming INTO fxp0 (which in your
original post is the NIC that faces the ISP, not the internal network).
If this is how ipnat looks at this, then this is also a problem.

Steve
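
Added example, not part of the original message or of either poster's configuration: a Python check of the netmask mismatch discussed above, using the gateway (192.168.1.2, 255.255.255.0) and PC (192.168.1.7, 255.255.255.128) values quoted in the thread. It shows which addresses each side treats as directly reachable; 192.168.1.200 is a constructed sample host.

```python
import ipaddress

# Addresses and masks as quoted in the thread.
GATEWAY = ipaddress.ip_interface("192.168.1.2/255.255.255.0")
PC = ipaddress.ip_interface("192.168.1.7/255.255.255.128")


def on_link(src, dst_ip):
    """True if src would reach dst_ip directly (ARP) rather than via a router."""
    return ipaddress.ip_address(dst_ip) in src.network


def reachable_both_ways(a, b):
    """Both hosts consider the other on-link, so direct traffic works."""
    return on_link(a, b.ip) and on_link(b, a.ip)


def mask_mismatch(a, b):
    """Describe how two interfaces on one segment disagree about the subnet.

    Returns None when both use the same network. Otherwise returns a dict
    listing the ranges that only the wider mask treats as on-link.
    """
    if a.network == b.network:
        return None
    wide, narrow = sorted((a, b), key=lambda i: i.network.prefixlen)
    if not narrow.network.subnet_of(wide.network):
        return {"overlap": False, "only_wide": None}
    only_wide = list(wide.network.address_exclude(narrow.network))
    return {"overlap": True, "wide": wide, "narrow": narrow,
            "only_wide": only_wide}


if __name__ == "__main__":
    print("PC <-> gateway direct:", reachable_both_ways(PC, GATEWAY))
    info = mask_mismatch(GATEWAY, PC)
    for net in info["only_wide"]:
        print("on-link for", info["wide"].ip,
              "but sent to the router by", info["narrow"].ip, "->", net)
    # 192.168.1.200 is a constructed sample host address.
    print("gateway sees .200 on-link:", on_link(GATEWAY, "192.168.1.200"))
    print("PC sees .200 on-link:", on_link(PC, "192.168.1.200"))
```
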