Re: Networking Puzzle

From: Alexandre "Sunny" Kovalenko <Alex.Kovalenko_at_verizon.net>
Date: Thu, 23 Feb 2006 19:22:10 -0500
On Sat, 2006-02-18 at 22:42 +0000, Cian Hughes wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Here is one for those of you that like a challenge:
> I have a FreeBSD 7-current box, it has two interfaces rl0 (connected
> to wireless link) and rl1 (LAN)
> rl0 has no addresses
> I run PPPoE on rl0 which gives me a static IP address (let's call
> this 1.2.3.4) and Default Gateway.
> I also have a /29 of public IPs which are routed through this address
> the first address x.x.x.1 is assigned to rl1
> 
> The normal setup is a Cisco router on the wireless link, and all
> computers route through it (but my Cisco router is broken).
> 
> Any traffic originating from 1.2.3.4 and going to the outside world  
> is blocked by an upstream firewall that I have no control over,  
> anything in my public range has no upstream firewalling.
> 
> Sysctl is set to forward packets, and machines on the LAN with public
> IPs in my range work as expected.
> 
> However, if I do something like this:
> ping freebsd.org
> it fails because the packets automatically originate from 1.2.3.4
> 
> If I do this:
> ping -S x.x.x.1 freebsd.org (thus setting the src address to a non-firewalled IP)
> it all goes fine and the packets return.
> 
> Inbound connections (e.g. ssh) from the internet to x.x.x.1 work, but
> obviously any web access from my FreeBSD box fails.
> 
> My Question: How do I set the src address for all outbound packets
> originating on my machine to x.x.x.1 instead of 1.2.3.4 when they are
> passing through my pppoe tunnel?
> 
> BTW this is not a show stopper for me, I have placed an old PII  
> machine between my server and the pppoe tunnel, which solves it. I'm  
> just curious as to whether or not there is a solution.
> 
> Regards, Cian.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
> 
> iD8DBQFD96LCaVVfOlCF0TQRAmsQAJwJq5N77DJZ/SC6qCR8hDpz0ty2mACcCfWl
> s+/TkKXGcYiXFt3Ou2yxVdY=
> =S5Pc
> -----END PGP SIGNATURE-----

If I did not understand your setup, I do apologize, but it looks like 

natd -a x.x.x.1

should do the trick. Make sure that you either have

options         IPDIVERT                #divert sockets

in your kernel configuration, or 

kldload ipdivert

or better yet, read 'man natd' ;)

-- 
Alexandre "Sunny" Kovalenko (Олександр Коваленко)
Received on Fri Feb 24 2006 - 00:52:13 UTC
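
Added example, not part of the original message or of FreeBSD's own documentation: natd only sees packets that an ipfw divert rule hands to it, and scoping those rules to the PPPoE address leaves the forwarded LAN hosts in the /29 untouched. The interface name tun0, the rule numbers 100 and 110, and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: PPPoE runs over tun0,
# ipfw is the packet filter, its existing rules already pass traffic,
# and rule numbers 100/110 are free. Addresses are constructed stand-ins
# for the thread's 1.2.3.4 (PPPoE address) and x.x.x.1 (routed /29).
TUN_IF=${TUN_IF:-tun0}
PPP_IP=${PPP_IP:-192.0.2.4}
ALIAS_IP=${ALIAS_IP:-198.51.100.1}

# Loose dotted-quad check; rejects placeholders such as x.x.x.1.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the commands for the given interface and addresses.
# Nothing is executed here; returns 1 on unusable input.
natd_plan() {
    tun_if=$1 ppp_ip=$2 alias_ip=$3
    is_ipv4 "$ppp_ip" && is_ipv4 "$alias_ip" || return 1
    # Aliasing an address to itself would change nothing; refuse it.
    [ "$ppp_ip" != "$alias_ip" ] || return 1
    cat <<EOF
kldload ipdivert || true
natd -a $alias_ip
ipfw add 100 divert natd ip from $ppp_ip to any out via $tun_if
ipfw add 110 divert natd ip from any to $alias_ip in via $tun_if
EOF
}
# Rule 100 matches only packets sourced from the PPPoE address, so
# forwarded LAN traffic with its own public source is not rewritten.
# Rule 110 hands traffic for the alias address back to natd on the
# way in, so replies to rewritten connections can be translated back.
# "kldload ipdivert || true" tolerates a kernel built with IPDIVERT.

# Dry run by default; APPLY=1 (as root, on the FreeBSD box) runs the plan.
if [ "${APPLY:-0}" = 1 ]; then
    natd_plan "$TUN_IF" "$PPP_IP" "$ALIAS_IP" | sh -e
else
    natd_plan "$TUN_IF" "$PPP_IP" "$ALIAS_IP"
fi
```

The divert rules have to come before any rule in the existing ruleset that would otherwise accept the same packets.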
