On Fri, 5 Apr 2002, Matthew D. Fuller wrote:

> On Fri, Apr 05, 2002 at 06:48:09PM -0600 I heard the voice of
> Nick Rogness, and lo! it spake thus:
> > On Fri, 5 Apr 2002, Alex Rousskov wrote:
> > >
> > >   - Is it possible without kernel modifications? How?
> > 
> >     AFAIK, No.  Your only 2 possibilities that I could think of would
> >     be to use policy routing or natd.  Both will fail in this case.
> 
> You MIGHT be able to use ipfw divert/pipe rules to somehow shove the
> packets into a program on their way out, and write a program that
> would use raw sockets to hand-assemble the IP datagram on the way out;
> I'm not sure if the kernel would try to outsmart you on that.

        Yeh, I thought of that. The problem is packets never leave
        anywhere since the route for the other NIC is not "OUT" any
        interface...it is the machine itself.

        I had a brief thought of using an upstream device that could route
        the appropriate nat'd addresses to each interface.  This
        would be tricky to do but maybe something like:

                        ===================
                        | Upstream device |
                        ===================
                          |             |
                          |             |
                         xl0            xl1
                        ===================
                        | BSD Machine     |
                        ===================
                        
        On the BSD machine:

        ipfw add divert natd ip from any to 2.3.4.5 out via xl0
        ipfw add divert natd ip from 2.3.4.5 to any in via xl0
        ipfw add divert natd2 ip from any to 2.3.4.5 in via xl1
        ipfw add divert natd2 ip from any to 192.168.0.1 out via xl1
        ipfw add allow ip from any to any

        # route add -host 192.168.0.1 -iface xl1
        # route add -host 2.3.4.5 -iface xl0
        # natd -alias_address 192.168.0.1
        # natd2 -redirect_address $IP_OF_xl1 2.3.4.5 -n xl1
        # route add default $IP_OF_UPSTREAM_DEVICE

        Then on the Upstream device:

        # route add -host 2.3.4.5 $IP_OF_xl1
        # route add -host 192.168.0.1 $IP_OF_xl0

        That should get the basic functionality but there is still a tad
        bit of tweaking to do to get everything working.  The basic
        concept is there though.


        Of course, your IPs on the outside will be different than what
        they really are which is not what the original author wanted.  So
        I said it is not a viable solution.

        PS.  I just randomly chose 192.168.0.1 & 2.3.4.5...you could use
        anything that is not part of either IP subnet assigned to xl0 &
        xl1.


Nick Rogness <[EMAIL PROTECTED]>
 - Don't mind me...I'm just sniffing your packets