snajd
October 28th, 2003, 16:29
Hi all
My situation is like this:
My ISP gives me 5 dynamic, real IP numbers via DHCP and i want to use more than one number, but still run NAT and map the external numbers to internal hosts.
(I do not want to run a bridge)
My firewall is a OpenBSD-current with 4 NICs. Three external, hooked to a hub which is connected to my ISP, and one internal NIC, connected to my internal switch. The three external NICs is configured for DHCP.
My pf.conf looks something like this:
[code:1:d335b7566d]
ext_if1="ep0"
ext_if2="ex0"
ext_if3="rl0"
int_if="xl0"
host1="10.1.1.10"
host2="10.1.1.1"
nat on $ext_if1 from xl0/24 to any -> ($ext_if1)
binat on $ext_if2 from $host1 to any -> ($ext_if2)
binat on $ext_if3 from $host2 to any -> ($ext_if3)
pass in all
pass out all
[/code:1:d335b7566d]
The problem is:
When you use binat to create static NAT and connects to the internet from a host on the internal net which has a external ip mapped to it, your connection lookes like it comes from that ip, but in my case, all connections from the internal net, seems like it comes from the ip on $ext_if1.
I can understand this, because the default route in my routing table is like:
default xxx-xxx-xxx-xxx UGS 5 745122 - ep0
But here comes the strange part:
When you connect from the internet to one of my external NICs, you get redirected to the internal host, just like you should be.
I cant se how this can work really, but it does
btw
This is just something i do for the fun of it and to see if it can be done, it is not business critical or anything ;-)
My situation is like this:
My ISP gives me 5 dynamic, real IP numbers via DHCP and i want to use more than one number, but still run NAT and map the external numbers to internal hosts.
(I do not want to run a bridge)
My firewall is a OpenBSD-current with 4 NICs. Three external, hooked to a hub which is connected to my ISP, and one internal NIC, connected to my internal switch. The three external NICs is configured for DHCP.
My pf.conf looks something like this:
[code:1:d335b7566d]
ext_if1="ep0"
ext_if2="ex0"
ext_if3="rl0"
int_if="xl0"
host1="10.1.1.10"
host2="10.1.1.1"
nat on $ext_if1 from xl0/24 to any -> ($ext_if1)
binat on $ext_if2 from $host1 to any -> ($ext_if2)
binat on $ext_if3 from $host2 to any -> ($ext_if3)
pass in all
pass out all
[/code:1:d335b7566d]
The problem is:
When you use binat to create static NAT and connects to the internet from a host on the internal net which has a external ip mapped to it, your connection lookes like it comes from that ip, but in my case, all connections from the internal net, seems like it comes from the ip on $ext_if1.
I can understand this, because the default route in my routing table is like:
default xxx-xxx-xxx-xxx UGS 5 745122 - ep0
But here comes the strange part:
When you connect from the internet to one of my external NICs, you get redirected to the internal host, just like you should be.
I cant se how this can work really, but it does
btw
This is just something i do for the fun of it and to see if it can be done, it is not business critical or anything ;-)