#2, 16th January 2011
J65nko (Administrator)

I have the following setup
Code:
      I N T E R N E T
             |
             |
             |
-------------|---------------
       85.xxx.xxx.xxx
     external interface

    Speedtouch Router

     internal interface
         10.0.0.138
-------------|---------------
             |
             |
-------------|---------------
         10.0.0.200
     external interface

     OpenBSD   Firewall

     internal interface
       192.168.0.1/24
-------------|---------------
             |
             |
          ---|---
          switch
          ---|---
             |
             |
-------------|---------------
       192.168.0.10/24
           Desktop 
-----------------------------
And I don't do double NAT. The Speedtouch does NAT.
Because the Speedtouch router only knows the 10.0.0.0 network it has to be told that incoming packets (the replies) for the 192.168.0.0 network have to be sent to the 10.0.0.200 interface.

In other words, this 10.0.0.200 interface is the gateway for the 192.168.0.0 network. On the Speedtouch I added the following static route:
Code:
Destination       Source          Gateway       Intf
192.168.0.0/24    10.0.0.138/32   10.0.0.200    eth0
So if your router allows you to configure static routes, then you could do a similar setup.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
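To make the routing argument in the post concrete, here is an added example (not code from the original post or from J65nko) that simulates the longest-prefix-match lookup both routers perform, using constructed routing tables for the topology above. The ISP next hop ("isp-gateway" on "ppp0") and the OpenBSD interface names (em0, em1) are assumptions; the Speedtouch's Source column is not modelled. It shows why, without the static route, the Speedtouch would send a reply for 192.168.0.10 to its default gateway instead of to 10.0.0.200.

```python
import ipaddress

# Constructed routing tables for the topology in the post.
# Each entry: (destination network, gateway or None if directly connected, interface)
# Interface and ISP gateway names are assumptions, not taken from the post.
SPEEDTOUCH_ROUTES = [
    ("10.0.0.0/24", None, "eth0"),            # internal LAN, directly connected
    ("0.0.0.0/0", "isp-gateway", "ppp0"),     # assumed ISP default route
]

# The static route the post adds on the Speedtouch (Source column omitted here).
STATIC_ROUTE = ("192.168.0.0/24", "10.0.0.200", "eth0")

# The OpenBSD firewall: no NAT, just forwarding between its two interfaces.
OPENBSD_ROUTES = [
    ("192.168.0.0/24", None, "em1"),          # assumed internal interface name
    ("10.0.0.0/24", None, "em0"),             # assumed external interface name
    ("0.0.0.0/0", "10.0.0.138", "em0"),       # default via the Speedtouch
]


def lookup(table, dst):
    """Longest-prefix match over a routing table.

    Returns (gateway, interface) for the most specific matching route,
    or None when nothing matches (not even a default route).
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, ifname in table:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, ifname)
    if best is None:
        return None
    return (best[1], best[2])


def next_hop(table, dst):
    """Address the packet is actually handed to on the wire, plus the interface.

    For a directly connected route the next hop is the destination itself;
    otherwise it is the route's gateway.
    """
    match = lookup(table, dst)
    if match is None:
        return None
    gw, ifname = match
    return (gw if gw is not None else dst, ifname)


def reply_path_to_desktop(with_static_route):
    """Where the Speedtouch sends a de-NATed reply destined for the desktop."""
    table = SPEEDTOUCH_ROUTES + ([STATIC_ROUTE] if with_static_route else [])
    return next_hop(table, "192.168.0.10")


if __name__ == "__main__":
    # Desktop -> Internet: the firewall forwards to the Speedtouch, which NATs.
    print("firewall next hop for 198.51.100.7:", next_hop(OPENBSD_ROUTES, "198.51.100.7"))
    # Reply comes back: without the route it would leak towards the ISP.
    print("reply without static route:", reply_path_to_desktop(False))
    print("reply with static route:   ", reply_path_to_desktop(True))
```

Run it and compare the two reply lines: only with the /24 route present does the more specific prefix win over the default route, which is exactly the check to do (route print on the router, tcpdump on the firewall's 10.0.0.200 side) if a single-NAT setup like this one stops passing replies.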