
Re: Connecting two separate networks with OpenBSD



On Fri, 7 Jun 2002, Dan Sveen Olsen wrote:

> More like:
>
> Lan-A <---> GW <---> OpenBSD (NAT) <---> GW <---> Lan-B
>
> Left side 1.1.2.2 wants to talk to other side. 1.1.2.2 sends packet to
> 1.1.6.10. Since it's not local, it gets routed through the GW and to the NAT
> server (with static arp for 1.1.6.10). The NAT server accepts the packet and
> now both source and destination addresses should have been rewritten and
> sent off to the other side. But how? Which rules should be used? Is it even
> possible?
>
> I have tried with the following commands:
>
> route add -host 1.1.3.10 1.1.6.1 <-- IP address of the left side GW (tcpdump
> shows it works)
> route add -host 1.1.6.10 1.1.3.1 <-- IP address of the right side GW
>
> ... and rules:
>
> binat ep1 1.1.2.2 to any -> 1.1.6.10 <-- ep1 is the left side if
> binat tl0 1.1.2.2 to any -> 1.1.3.10 <-- tl0 is the right side if
>
> But this doesn't work... is it because pf thinks the packet, when NATed, is
> to be routed back the way it came, since that is the way it first saw the
> 1.1.2.2 address?

I completely understand what you're trying to do :-) This worked if you had
binat ep1 1.1.2.2 to any -> 1.1.6.10
binat tl0 1.1.4.2 to any -> 1.1.3.10
             ^^^^
Cool. Nice to know. If you look at http://mniam.net/pf/pf.png you see
packets going twice through BINAT.

I think the server is confused that you have 1.1.2.2 twice :-) So the
routing table will just send it back on the same interface like you
suggested. IP addresses have to be unique, it's as simple as that.

This setup is impossible.


Cheers,

Dries
-- 
Dries Schellekens
email: gwyllion@ulyssis.org
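As an added example (not part of this thread or of pf itself), a small check that flags the mistake Dries points out: the same address used in two binat rules. It assumes the old OpenBSD 3.x binat syntax quoted above (`binat <if> <internal> to any -> <external>`); the sample rulesets are constructed from the two variants in the thread.

```python
import re
from collections import defaultdict

# Old-style (OpenBSD 3.x) binat rule: binat <interface> <internal> to any -> <external>
BINAT_RE = re.compile(
    r"^\s*binat\s+(?P<iface>\S+)\s+(?P<internal>\S+)\s+to\s+any\s+->\s+(?P<external>\S+)\s*$"
)


def parse_binat(conf):
    """Return (interface, internal, external) for every binat line in conf."""
    rules = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = BINAT_RE.match(line)
        if m:
            rules.append((m["iface"], m["internal"], m["external"]))
    return rules


def binat_conflicts(conf):
    """Map each address that appears more than once across all binat rules to
    the (interface, role) pairs that use it. Internal and external addresses
    of a binat set must all be distinct; a repeated address gives pf two
    translations for the same packet, which is the failure in the thread."""
    seen = defaultdict(list)
    for iface, internal, external in parse_binat(conf):
        seen[internal].append((iface, "internal"))
        seen[external].append((iface, "external"))
    return {addr: uses for addr, uses in seen.items() if len(uses) > 1}


# Constructed samples: the ruleset from the original post, then Dries's fix.
BROKEN = """
binat ep1 1.1.2.2 to any -> 1.1.6.10
binat tl0 1.1.2.2 to any -> 1.1.3.10
"""
FIXED = """
binat ep1 1.1.2.2 to any -> 1.1.6.10
binat tl0 1.1.4.2 to any -> 1.1.3.10
"""

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, binat_conflicts(conf))
```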