DaemonForums  
#1
13th February 2009
zapov

NAT with only one interface

I'm wondering if it is possible to set up NAT for a local network using only one interface on my BSD server?
I'm using OpenBSD, and have this configuration:

interface: vr0
vr0 dhcp - uses dhcp to get ip from cable modem
vr0 alias 192.168.1.1 - gateway for local network

ip.networking.forwarding (or something like that - i'm currently not on that server)

NAT
from vr0 on 192.168.0.0/16 to (vr0) - something similar

All computers, and cable modem are connected to switch.

The problem is that it seems to me that the network is crashing on this setup. I've come to that conclusion because sometimes I can ping outside, but most of the time I can't (for example, from ten attempts only one succeeds, and when it succeeds it only works for a short period of time - a couple of seconds).
From OpenBSD server everything works fine.
Inside local network everything also works fine.
But when I try to surf using a computer from within the network, I need to refresh the page a couple of times for it to load (and most of the time, it doesn't load fully).
#2
14th February 2009
J65nko

The standard way is to use an extra NIC. I doubt it is actually possible to do it with one single network card.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#3
14th February 2009
BSDfan666

I wanted to say no at first, but I'm not so sure, J65nko, but I can't confirm this either.

In the PF FAQ the following is mentioned for the ext_addr member of the nat keyword.

Quote:
Originally Posted by http://www.openbsd.org/faq/pf/nat.html#config
1) The name of the external network interface in parentheses ( ). This tells PF to update the rule if the IP address(es) on the named interface changes. This is highly useful when the external interface gets its IP address via DHCP or dial-up as the ruleset doesn't have to be reloaded each time the address changes.

2) The name of a network interface followed by either one of these modifiers:

* :network - substitutes the CIDR network block (e.g., 192.168.0.0/24)
* :peer - substitutes the peer's IP address on a point-to-point link

In addition, the :0 modifier can be appended to either an interface name or to any of the above modifiers to indicate that PF should not include aliased IP addresses in the substitution. These modifiers can also be used when the interface is contained in parentheses. Example: fxp0:network:0.
Still, I'm not sure how this would work, though. Perhaps like:
nat on vr0 inet from 192.168.0.0/16 to any -> (vr0:network:0).

Comments?
#4
14th February 2009
DutchDaemon

Just wondering whether it would be possible to NAT between a public IP address on a NIC and an RFC1918 network aliased on that same NIC.

ifconfig fxp0 inet 123.123.123.123 netmask 255.255.255.0
ifconfig fxp0 alias 10.0.0.1 netmask 255.255.255.0

nat on fxp0 from 10.0.0.0/24 to any -> 123.123.123.123

Would it cause weird mojo, or something else?
#5
16th February 2009
ai-danno

I actually do this now. I have an OBSD 4.3 box NAT'ing my desktop to my ADSL router using a single NIC. The OBSD box and the desktop talk to each other via the 4-port switch built into the ADSL router (which is also how the OBSD box talks to the ADSL router). In my production environment at work I would never recommend this. However, this is my home, and the double traffic isn't detrimental at such low levels... it just cuts the effective bandwidth that can be utilized in half.

My ADSL router LAN address is 192.168.1.254. My OBSD box is 192.168.1.5 and 10.0.0.1 (with default gateway of 192.168.1.254). My desktop is 10.0.0.66 (with default gateway of 10.0.0.1), and the NAT address it uses is 192.168.1.66.


Here's my OBSD configuration:

hostname.rl0:

inet 192.168.1.5 255.255.255.0 NONE
inet alias 10.0.0.1 255.255.255.0 10.0.0.255
inet alias 192.168.1.66 255.255.255.0 NONE

pf.conf:

ext_if="rl0"
desk1_ext = "192.168.1.66"
desk1_int = "10.0.0.66"
binat on $ext_if from $desk1_int to any -> $desk1_ext

With this setup I use Snort (with BASE) as an IDS. It works nicely!
__________________
Network Firefighter

Last edited by ai-danno; 16th February 2009 at 03:51 AM.
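An added Python model (not PF's code and not from any poster) of the ext_addr expansion rules quoted from the FAQ in post #3, run against a constructed address table for the OP's aliased vr0 (the DHCP lease 203.0.113.10/22 is a placeholder) and ai-danno's rl0 from post #5; :peer is not modelled since neither interface is point-to-point.

```python
import ipaddress

# Constructed interface tables (address, netmask, is_alias), assumed from the posts:
# vr0 is the OP's NIC (primary DHCP lease is a placeholder, alias from post #1),
# rl0 is ai-danno's hostname.rl0 from post #5.
IFACES = {
    "vr0": [("203.0.113.10", "255.255.252.0", False),
            ("192.168.1.1", "255.255.255.0", True)],
    "rl0": [("192.168.1.5", "255.255.255.0", False),
            ("10.0.0.1", "255.255.255.0", True),
            ("192.168.1.66", "255.255.255.0", True)],
}

def expand_ext_addr(spec, ifaces=IFACES):
    """Expand a PF ext_addr interface spec such as "(vr0)" or "vr0:network:0"
    into the addresses it stands for, per the FAQ text quoted in post #3.
    Returns (dynamic, [address_or_network, ...]); dynamic is True when the spec
    was in parentheses, i.e. PF re-evaluates it when the interface address changes."""
    spec = spec.strip()
    dynamic = spec.startswith("(") and spec.endswith(")")
    if dynamic:
        spec = spec[1:-1]
    ifname, *mods = spec.split(":")
    if ifname not in ifaces:
        raise ValueError(f"unknown interface {ifname!r}")
    unknown = set(mods) - {"network", "peer", "0"}
    if unknown:
        raise ValueError(f"unknown modifier(s) {sorted(unknown)} in {spec!r}")
    if "peer" in mods:
        raise ValueError(":peer applies to point-to-point links, not modelled here")
    entries = ifaces[ifname]
    if "0" in mods:            # :0 -> leave aliased addresses out
        entries = [e for e in entries if not e[2]]
    out = []
    for addr, mask, _alias in entries:
        if "network" in mods:  # :network -> the CIDR block, not the host address
            out.append(str(ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)))
        else:
            out.append(addr)
    return dynamic, out

if __name__ == "__main__":
    for spec in ("(vr0)", "(vr0:0)", "(vr0:network:0)", "rl0", "rl0:0"):
        dyn, addrs = expand_ext_addr(spec)
        print(f"{spec:18} dynamic={dyn!s:5} -> {addrs}")
```

With the OP's alias in place, a target of (vr0) expands to both the public lease and 192.168.1.1, while (vr0:0) leaves the alias out, which is the distinction the FAQ excerpt draws.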