On 07/09/2013 23:22, Florian Obser wrote:
On 09/07/13 21:32, Simon Slaytor wrote:
Hi Folks,

I've been trying to wrap my head around a problem for a little while and
I'm getting nowhere fast so thought I'd ask the experts:

Due to a company takeover I have two networks, NetA and NetB, that I
need to link together for bidirectional data sharing etc. Unfortunately
both networks use the same IP addressing scheme, i.e. 172.16.10.0/24, and
neither can be changed within the timespan available to me.

So I need to set up a PF box which links to both networks and translates
between the two. Conceptually I want to have it that from NetA's
perspective NetB is 172.16.20.0/24 and from NetB's perspective NetA is
172.16.30.0/24.

NetA ----> NetB-NAT (172.16.20.0/24) -----> NIC1 (172.16.10.254/24) PF Firewall/Router NIC2 (172.16.10.254/24) <----- NetA-NAT (172.16.30.0/24) <----- NetB

I've read about bitmask NAT/BINAT etc. and all this looks good. The
problem, however, is that this is done on the outgoing interface, and
given that both the outbound and inbound interfaces share an IP/subnet,
the packets never get to the outbound interface to be translated.

I'm sure there's something completely obvious I'm missing, any help
would be much appreciated.

Simon

So you have 172.16.10.254 on two interfaces on the same box? I don't
think that will end well. I would go with two firewalls, one NATs NetA,
the other NATs NetB, and put a link net in between.


Cheers Florian,

Yes, I was thinking this myself, just wondering if I could do something with VRFs and PF's route-to as a way to avoid this?

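Florian's two-firewall layout, worked through as an added pf.conf example for the firewall on the NetA side (FW-A). This is not code from the thread or from either poster. The interface names em0/em1, the link net 192.168.255.0/30 between the two firewalls and the surrounding route/hostname.if commands are assumptions; the alias blocks 172.16.20.0/24 (NetB as seen from NetA) and 172.16.30.0/24 (NetA as seen from NetB) are the ones Simon describes. FW-B is the mirror image with the two alias blocks swapped. The point of the design is that each box has only one interface in 172.16.10.0/24, so the duplicate-subnet problem Simon hit never arises: real 172.16.10.x addresses are translated before they ever reach the link net.

```pf
# Added example, not from the thread: /etc/pf.conf for FW-A in the
# two-firewall design (FW-A between NetA and the link net, FW-B between
# the link net and NetB). Interface names and the link net are assumed.
#
# Outside pf.conf, on FW-A (assumed addressing):
#   sysctl net.inet.ip.forwarding=1
#   /etc/hostname.em0:  inet 172.16.10.254 255.255.255.0    # NetA side
#   /etc/hostname.em1:  inet 192.168.255.1 255.255.255.252  # link net
#   route add -net 172.16.20.0/24 192.168.255.2             # NetB's alias block, via FW-B
#   NetA's router (or hosts) must route 172.16.20.0/24 to 172.16.10.254.
# FW-B mirrors this: 172.16.10.254 on its NetB interface, 192.168.255.2 on
# the link, and a route for 172.16.30.0/24 via 192.168.255.1.

neta_if    = "em0"
link_if    = "em1"
neta_real  = "172.16.10.0/24"   # NetA's real addressing (same block NetB uses)
neta_alias = "172.16.30.0/24"   # how NetB sees NetA
netb_alias = "172.16.20.0/24"   # how NetA sees NetB

set skip on lo

# 1:1 netblock translation on the link interface. binat-to expands to an
# outbound nat-to (source 172.16.10.x -> 172.16.30.x) and an inbound rdr-to
# (destination 172.16.30.x -> 172.16.10.x). The real 172.16.10.0/24 never
# appears on the link net; FW-B only ever sees NetA as 172.16.30.0/24.
match on $link_if inet from $neta_real to any binat-to $neta_alias

block log all

# NetA -> NetB: a host on NetA sends to NetB's alias block; on em0 no
# translation has happened yet, so the rule matches the real source.
pass in  on $neta_if inet from $neta_real  to $netb_alias
# Filter rules after a match rule see the translated addresses, so on the
# link interface the source is already the alias block.
pass out on $link_if inet from $neta_alias to $netb_alias

# NetB -> NetA: arrives on the link addressed to NetA's alias block; after
# the rdr-to half of the binat the destination is the real 172.16.10.x.
pass in  on $link_if inet from $netb_alias to $neta_real
pass out on $neta_if inet from $netb_alias to $neta_real
```

Trace of one connection, to check the mapping is symmetric: 172.16.10.5 on NetA sends to 172.16.20.7. FW-A rewrites the source to 172.16.30.5 and forwards over the link to FW-B, whose own binat rewrites the destination to its real 172.16.10.7. The reply from 172.16.10.7 to 172.16.30.5 is routed by NetB to FW-B, which rewrites the source to 172.16.20.7, and FW-A rewrites the destination back to 172.16.10.5. Each firewall only ever has to distinguish its own real 172.16.10.0/24 from two alias blocks, which is why the single-box design with 172.16.10.254 on both NICs cannot work but this one can. Applications that embed their own IP address in the payload (FTP without a proxy, some SIP and NetBIOS name resolution) will still break, because the binat only rewrites headers.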