Alexander Hall wrote:
> Lars Nooden wrote:
>> Sometimes I have to set up a LAN inside a pre-existing NAT'd LAN and
>> traffic from the inner LAN (B) does not make it to the Internet or even
>> to final, external interface (4).
>>
>>           +-------+         +--------+
>>  LAN B ---+ 1     +         + Box2   +
>>           + NAT   +         +       4+---> Internet
>>           +      2+--LAN A--+3 NAT   +
>>           + Box1  +         +        +
>>           +-------+         +--------+
>>
>> What kind of generic change is needed in PF to get from LAN B through to
>> the outside?
>
> If the subnets are different, say 192.168.10.0/24 and 192.168.11.0/24,
> and each box does its NAT and 'net.inet.ip.forwarding=1' I cannot see
> anything that would prevent this from working.
>
> Start by tracing how far the package makes it and what src address it has.

Thanks. I can ping from LAN B to interface 3 and get a response, but not
to 4. I can ping (and everything else) from LAN A to interface 4 and the
Internet. I've searched around a bit and see there is something wrong (in
general) with "double NAT".

-Lars
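
The trace suggested in the quoted reply, as an added example that is not part of the original thread: it reads `tcpdump -n` text captured on interfaces 1 to 4 and reports the first point where the echo request disappears or still carries an untranslated source address. Assumptions: LAN A is 192.168.10.0/24 and LAN B is 192.168.11.0/24 (the thread names the two subnets without assigning them), 198.51.100.2 is a placeholder for interface 4, and the names `if1` to `if4`, `diagnose`, and the capture lines are constructed for illustration.

```python
import ipaddress
import re

LAN_A = ipaddress.ip_network("192.168.10.0/24")   # assumed: between Box1 and Box2
LAN_B = ipaddress.ip_network("192.168.11.0/24")   # assumed: behind Box1
BOX2_EXT = ipaddress.ip_address("198.51.100.2")   # placeholder for interface 4

# Source address an outbound packet from LAN B should carry at each interface.
EXPECTED = [
    ("if1", lambda a: a in LAN_B),      # untranslated, arriving at Box1
    ("if2", lambda a: a in LAN_A),      # after Box1's NAT
    ("if3", lambda a: a in LAN_A),      # arriving at Box2
    ("if4", lambda a: a == BOX2_EXT),   # after Box2's NAT
]

# Accepts both the "ICMP echo request" and "icmp: echo request" spellings.
LINE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+) > \d+\.\d+\.\d+\.\d+: (?:ICMP|icmp:) echo request")

def sources(capture):
    """Source addresses of the echo requests in tcpdump -n style text."""
    return [ipaddress.ip_address(m.group(1)) for m in LINE.finditer(capture)]

def diagnose(captures):
    """Walk interfaces 1..4 in path order and report the first anomaly."""
    for name, ok in EXPECTED:
        seen = sources(captures.get(name, ""))
        if not seen:
            return f"{name}: request never seen (dropped or not forwarded before here)"
        bad = [str(a) for a in seen if not ok(a)]
        if bad:
            return f"{name}: unexpected src {bad[0]} (check the NAT rule that should apply)"
    return "ok: request left if4 with Box2's external address"

def line(src):
    """Build one constructed capture line; the destination is a documentation address."""
    return f"12:00:01.000000 IP {src} > 203.0.113.9: ICMP echo request, id 7, seq 0, length 64"

# Constructed case: Box1 forwards the packet but does not translate it.
NO_NAT_ON_BOX1 = {"if1": line("192.168.11.5"), "if2": line("192.168.11.5")}
# Constructed case: both translations happen.
HEALTHY = {"if1": line("192.168.11.5"), "if2": line("192.168.10.2"),
           "if3": line("192.168.10.2"), "if4": line("198.51.100.2")}

if __name__ == "__main__":
    print(diagnose(NO_NAT_ON_BOX1))
    print(diagnose(HEALTHY))
```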

