On Sat, 2006-02-18 at 22:42 +0000, Cian Hughes wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Here is one for those of you that like a challenge: > I have a freebsd 7-current box, it has two interfaces rl0 (connected > to wireless link) and rl1 (LAN) > rl0 has no addresses > I run PPPoE on rl0 which gives me an static IP address (lets call > this 1.2.3.4) and Default Gateway. > I also have a /29 of public IP's which are routed through this address > the first address x.x.x.1 is assigned to rl1 > > The normal setup is a cisco router on the wireless link, and all > computers route through it (but my cisco router is broken). > > Any traffic originating from 1.2.3.4 and going to the outside world > is blocked by an upstream firewall that I have no control over, > anything in my public range has no upstream firewalling. > > Sysctl is set to forward packets, and machines on the LAN with public > ips in my range work as expected. > > however if i do something like this: > ping freebsd.org > it fails because the packets automatically originate from 1.2.3.4 > > if I do this: > ping -S x.x.x.1 freebsd.org (thus setting the src address to a non- > firewalled IP) > it all goes fine and the packets return. > > Inbound connections (eg ssh) from the internet to x.x.x.1 work, but > obviously any web access from my freebsd box fails. > > My Question: How do i set the src address for all outbound packets > originating on my machine to x.x.x.1 instead of 1.2.3.4 when they are > passing through my pppoe tunnel? > > BTW this is not a show stopper for me, I have placed an old PII > machine between my server and the pppoe tunnel, which solves it. I'm > just curious as to whether or not there is a solution. > > Regards, Cian. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (Darwin) > > iD8DBQFD96LCaVVfOlCF0TQRAmsQAJwJq5N77DJZ/SC6qCR8hDpz0ty2mACcCfWl > s+/TkKXGcYiXFt3Ou2yxVdY= > =S5Pc > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-current_at_freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" If I did not understand your setup, I do apologize, but it looks like natd -a x.x.x.1 should do the trick. Make sure that you are either have options IPDIVERT #divert sockets in your kernel configuration, or kldload ipdivert or better yet, read 'man natd' ;) -- Alexandre "Sunny" Kovalenko (Олександр Коваленко)Received on Fri Feb 24 2006 - 00:52:13 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:52 UTC