Re: Re[2]: ipfw / ppp NAT

2005-02-06 Thread Chris Knipe
> given that tun0 is the interface that connects x.x to the world (y.y)
> then what you have now would be:
> "ipfw add divert natd all from any to any via tun0"
> from what I understand what you want you should probably add something
> like:
> "ipfw add divert natd all from any to any via rl0"
> rl0 being the interface connecting x.x to x.1
> on related news, why would u want to do something like that ?
> Hexren

Quite complex
1) I have a routed network on 198.18/15 going via NAT to the net.
2) I have two gateways, running VRRP for high redundancy.
3) Gateway 1 routes "local traffic" via tun0, the rest (ala international) 
is sent to gateway 2
4) Gateway 2 routes "the rest" via tun0, and "local traffic" to gateway 1

This all happens now via BGP, and so far this is working without a problem.
The problem now, is that I only receive one "real" IP per PPPoE session. 
Multilink is out of the question (not supported), so is getting multiple IPs 
per session.  A further problem, is that the gateway address of these PPPoE 
sessions, are 100% exactly the same.

Thus, what I need to achieve now (and hence what is my problem):
1) I need to establish MULTIPLE PPPoE sessions on Gateway 1 (even if the 
gateway address of the PtP link are the same) - BIG problem.
I have semi fixed this by forcing my gateway address of the secondary PPPoE 
sessions to be the rl0 interface (and this is working) (i.e. ifaddr 
10.0.0.1/32 x.x.x.x 255.255.255.0 0.0.0.0)
2) I need to be able to forward the live ip address received from one of the 
secondary PPPoE Sessions on Gateway1 to any host inside my routed network 
(198.18/15).
3) The load balancing and routing between Gateway 1 and Gateway 2 should all 
still work, and basically just exclude what ever is happening on the 
secondary PPPoE Sessions.

I know I'm not giving a lot of information, but this is A LOT of work / 
configurations.  If it's not a problem, I will post what is required (config 
wise), but yeah... We're talking close to 300 statically managed routes 
between Gateway 1 & 2...

What my problem is now is basically what would seem like a NAT / routing 
issue.

PPP1 -> GW1 -> 198.18/15
PPP2 -> GW1 -> CLIENT1 INSIDE 198.18/15
Incoming, the connectivity is working.  I establish a connection to PPP2, 
GW1 forwards the data to CLIENT1, and a tcpdump shows that the data does 
arrive.  The problem is that the replies from CLIENT1 go to GW1, and 
GW1 transmits the data back to the Internet via PPP1, and not PPP2.

Thus, in a nutshell now, I need to "map" PPPx to CLIENTx without causing any 
problems for the rest of the network

--
Chris


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
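The symptom described in the message above, modeled as an added example (not part of the original post or of anyone's configuration): a destination-only lookup on GW1 sends CLIENT1's replies out PPP1 even though the request arrived on PPP2, while a lookup that also keys on the source address keeps the flow symmetric without touching other hosts. Every address except 198.18/15 is constructed, and the source-keyed `POLICY` table is a hypothetical illustration, not a tested ipfw / ppp setup.

```python
import ipaddress

# Constructed sample addresses; only 198.18/15 and the names PPP1, PPP2, GW1,
# CLIENT1 and rl0 come from the thread.
INTERNAL = ipaddress.ip_network("198.18.0.0/15")
CLIENT1 = ipaddress.ip_address("198.18.0.10")
CLIENT2 = ipaddress.ip_address("198.19.4.20")
REMOTE = ipaddress.ip_address("203.0.113.7")

# GW1's ordinary table: the egress link is chosen by destination only.
ROUTES = [(INTERNAL, "rl0"), (ipaddress.ip_network("0.0.0.0/0"), "PPP1")]

# Hypothetical source-keyed policy: the uplink an inside host is mapped to.
POLICY = {CLIENT1: "PPP2"}


def route_by_destination(dst):
    """Longest-prefix match on the destination address."""
    matches = [(net, link) for net, link in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def dest_only(src, dst):
    """What GW1 does today: the source address is ignored."""
    return route_by_destination(dst)


def route_with_policy(src, dst):
    """Override the uplink only for mapped sources talking to the outside."""
    if dst in INTERNAL:
        return route_by_destination(dst)
    return POLICY.get(src, route_by_destination(dst))


def reply_is_symmetric(ingress, src, dst, lookup):
    """True when the reply leaves on the link the request arrived on."""
    return lookup(src, dst) == ingress


if __name__ == "__main__":
    # Request came in on PPP2 for CLIENT1; check where the reply goes.
    print("destination only:", dest_only(CLIENT1, REMOTE))
    print("with source policy:", route_with_policy(CLIENT1, REMOTE))
    print("other hosts:", route_with_policy(CLIENT2, REMOTE))
```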


Re[2]: ipfw / ppp NAT

2005-02-06 Thread Hexren
CK> Ok wait,

CK> let me explain a bit more, because it seems the source-address is not my 
CK> problem.


CK> y.y -> x.x -> x.1

CK> y.y is an IP from the Internet
CK> x.x is the FreeBSD gateway, and
CK> x.1 is a client on an internal network

CK> I run NAT (via ipfw / ppp) on x.x.  The packet comes in from y.y, via x.x, 
CK> to x.1, HOWEVER, the source-address of the packet arriving at x.1 is still 
CK> y.y.  I want the source address of the packet arriving at x.1 to be x.x, and 
CK> not y.y

CK> --
CK> Chris.



CK> - Original Message - 
CK> From: "Chris Knipe" <[EMAIL PROTECTED]>
CK> To: 
CK> Sent: Sunday, February 06, 2005 2:37 PM
CK> Subject: ipfw / ppp NAT


>> Hi,
>>
>> Is there any way that I can get / configure ipfw / Kernel PPP to rewrite 
>> the source address via NAT?
>>
>> --
>> Chris.


-

given that tun0 is the interface that connects x.x to the world (y.y)
then what you have now would be:
"ipfw add divert natd all from any to any via tun0"

from what I understand what you want you should probably add something
like:
"ipfw add divert natd all from any to any via rl0"
rl0 being the interface connecting x.x to x.1

on related news, why would u want to do something like that ?

Hexren



Re: ipfw / ppp NAT

2005-02-06 Thread Chris Knipe
Ok wait,
let me explain a bit more, because it seems the source-address is not my 
problem.

y.y -> x.x -> x.1
y.y is an IP from the Internet
x.x is the FreeBSD gateway, and
x.1 is a client on an internal network
I run NAT (via ipfw / ppp) on x.x.  The packet comes in from y.y, via x.x, 
to x.1, HOWEVER, the source-address of the packet arriving at x.1 is still 
y.y.  I want the source address of the packet arriving at x.1 to be x.x, and 
not y.y

--
Chris.

- Original Message - 
From: "Chris Knipe" <[EMAIL PROTECTED]>
To: 
Sent: Sunday, February 06, 2005 2:37 PM
Subject: ipfw / ppp NAT


Hi,
Is there any way that I can get / configure ipfw / Kernel PPP to rewrite 
the source address via NAT?

--
Chris.


ipfw / ppp NAT

2005-02-06 Thread Chris Knipe
Hi,
Is there any way that I can get / configure ipfw / Kernel PPP to rewrite the 
source address via NAT?

--
Chris. 
