On 09/07/13 21:32, Simon Slaytor wrote:
> Hi Folks,
>
> I've been trying to wrap my head around a problem for a little while and
> I'm getting nowhere fast so thought I'd ask the experts:
>
> Due to a company takeover I have two networks, NetA and NetB, that I
> need to link together for bi-directional data sharing etc. Unfortunately
> both networks use the same IP addressing scheme, i.e. 172.16.10.0/24, and
> neither can be changed within the timespan available to me.
>
> So I need to set up a PF box which links to both networks and translates
> between the two. Conceptually I want to have it that from NetA's
> perspective NetB is 172.16.20.0/24 and from NetB's perspective NetA is
> 172.16.30.0/24
>
> NetA ----> NetB-NAT (172.16.20.0/24) -----> NIC1 (172.16.10.254/24) PF
> Firewall/Router NIC2 (172.16.10.254/24) <---- NetA-NAT (172.16.30.0)
> <----- NetB
>
> I've read about bitmask on NAT/BINAT etc. and all this looks good; the
> problem however is that this is done on the outgoing interface, and
> given that both the outbound and inbound interfaces share an IP/subnet
> the packets never get to the outbound interface to be translated.
>
> I'm sure there's something completely obvious I'm missing, any help
> would be much appreciated.
>
> Simon
So you have 172.16.10.254 on two interfaces on the same box? I don't think that will end well. I would go with two firewalls, one NATs NetA, the other NATs NetB, and put a link net in between.
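Added illustration of the two-firewall layout suggested in the reply above; this is not part of the thread and not the poster's configuration. It assumes OpenBSD PF with the post-4.7 `binat-to` syntax (older PF spells the same thing `binat on $if from A to any -> B`), assumed interface names em0/em1, and an assumed link net 192.168.100.0/30 between the two boxes. Each firewall keeps one leg in its own real 172.16.10.0/24 and one leg in the link net, so the overlapping prefix never appears twice on the same host; each box only rewrites its own side, and the "fake" prefix of the far side is just a routed destination.

```pf
# ---- fwA: /etc/pf.conf (between NetA and the link net) -- assumed example ----
neta_if = "em0"    # 172.16.10.254/24, the real NetA
link_if = "em1"    # 192.168.100.1/30, link net towards fwB (192.168.100.2)

neta_real = "172.16.10.0/24"   # NetA as NetA sees itself
neta_fake = "172.16.30.0/24"   # NetA as NetB must see it
netb_fake = "172.16.20.0/24"   # NetB as NetA must see it (fwB presents this prefix)

set skip on lo

# 1:1 network mapping, bidirectional. NetA sources leaving on $link_if are
# rewritten 172.16.10.x -> 172.16.30.x, and packets arriving on $link_if for
# 172.16.30.x are mapped back to 172.16.10.x, so sessions initiated from
# either side work. Both prefixes are /24, which binat-to requires.
match on $link_if from $neta_real to any binat-to $neta_fake

block log all
# Policy is enforced on the NetA leg, where addresses are unambiguous.
pass on $neta_if from $neta_real to $netb_fake
pass on $neta_if from $netb_fake to $neta_real
# The link net carries only the two translated prefixes; let it through here.
pass on $link_if

# Routing (not pf, shown for completeness, assumed addresses):
#   on fwA:        route add 172.16.20.0/24 192.168.100.2
#   on NetA hosts: 172.16.20.0/24 via 172.16.10.254 (or fwA is the default gw)

# ---- fwB: /etc/pf.conf, the mirror image -- assumed example ----
netb_if = "em0"    # 172.16.10.254/24, the real NetB
link_if = "em1"    # 192.168.100.2/30, link net towards fwA (192.168.100.1)

netb_real = "172.16.10.0/24"   # NetB as NetB sees itself
netb_fake = "172.16.20.0/24"   # NetB as NetA must see it
neta_fake = "172.16.30.0/24"   # NetA as NetB must see it (fwA presents this prefix)

set skip on lo

match on $link_if from $netb_real to any binat-to $netb_fake

block log all
pass on $netb_if from $netb_real to $neta_fake
pass on $netb_if from $neta_fake to $netb_real
pass on $link_if

# Routing on fwB:  route add 172.16.30.0/24 192.168.100.1
```

Check each file with `pfctl -nf /etc/pf.conf` before loading it, then open a connection from a NetA host to 172.16.20.x and confirm with `pfctl -ss` on both boxes that the state entries show the translated addresses on the link side. Note that a 172.16.10.x host can only reach the other site through its renamed prefix; anything that hands out real 172.16.10.x addresses across the link (DNS answers, application-level referrals) will point at the wrong site, which is the usual cost of this kind of double NAT.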