#1  zapov, 13th February 2009
NAT with only one interface

I'm wondering if it is possible to set up NAT for a local network using only one interface on my BSD server?
I'm using OpenBSD, and have this configuration:

interface: vr0
vr0 dhcp - uses dhcp to get ip from cable modem
vr0 alias - gateway for local network

ip.networking.forwarding (or something like that - I'm currently not on that server)

from vr0 on to (vr0) - something similar

All computers and the cable modem are connected to a switch.

The problem is that it seems to me that the network is crashing on this setup. I've come to that conclusion because sometimes I can ping outside, but most of the time I can't (for example, out of ten attempts only one succeeds, and when it succeeds it only works for a short period of time - a couple of seconds).
From the OpenBSD server everything works fine.
Inside the local network everything also works fine.
But when I try to surf using a computer from within the network, I need to refresh the page a couple of times for it to load (and most of the time, it doesn't load fully).
#2  J65nko, 14th February 2009

The standard way is to use an extra NIC. I doubt it is actually possible to do it with one single network card.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#3  BSDfan666, 14th February 2009

I wanted to say no at first, but I'm not so sure J65nko.. but I can't confirm this either.

In the PF FAQ the following is mentioned for the ext_addr member of the nat keyword.

Originally Posted by http://www.openbsd.org/faq/pf/nat.html#config
1) The name of the external network interface in parentheses ( ). This tells PF to update the rule if the IP address(es) on the named interface changes. This is highly useful when the external interface gets its IP address via DHCP or dial-up as the ruleset doesn't have to be reloaded each time the address changes.

2) The name of a network interface followed by either one of these modifiers:

* :network - substitutes the CIDR network block (e.g.,
* :peer - substitutes the peer's IP address on a point-to-point link

In addition, the :0 modifier can be appended to either an interface name or to any of the above modifiers to indicate that PF should not include aliased IP addresses in the substitution. These modifiers can also be used when the interface is contained in parentheses. Example: fxp0:network:0.
Still, I'm not sure how this would work though.. perhaps like:
nat on vr0 inet from to any -> (vr0:network:0).

#4  DutchDaemon, 14th February 2009

Just wondering whether it would be possible to NAT between a public IP address on a NIC and an RFC1918 network aliased on that same NIC.

ifconfig fxp0 inet netmask
ifconfig fxp0 alias netmask

nat on fxp0 from to any ->

Would it cause weird mojo, or something else?
#5  ai-danno, 16th February 2009

I actually do this now. I have an OBSD 4.3 box NAT'ing my desktop to my ADSL router using a single NIC. The OBSD box and the desktop talk to each other via the 4 port switch built into the ADSL router (which is also how the OBSD box talks to the ADSL router.) In my production environment at work I would never recommend this. However, this is my home, and the double traffic isn't detrimental at such low levels... just cuts down the effective bandwidth that can be utilized in half.

My ADSL router LAN address is My OBSD box is and (with default gateway of My desktop is (with default gateway of, and the NAT address it uses is

Here's my OBSD configuration-

inet NONE
inet alias
inet alias NONE
desk1_ext = ""
desk1_int = ""
binat on $ext_if from $desk1_int to any -> $desk1_ext
With this setup I use Snort (with BASE) as an IDS. It works nicely!
Network Firefighter

Last edited by ai-danno; 16th February 2009 at 03:51 AM.
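
A single-NIC ruleset of the kind discussed in this thread, as an added example that is not taken from any poster's configuration. The 192.168.10.0/24 alias network and the 192.168.10.1 gateway address are assumed placeholders, and the syntax is the pre-4.7 pf form used in the posts above.

```conf
# /etc/pf.conf: constructed example for one NIC (vr0) carrying both the
# DHCP-assigned outside address and an RFC 1918 alias used as LAN gateway.
# Assumed placeholders: 192.168.10.0/24 (LAN), 192.168.10.1 (alias on vr0).
# Prerequisite: net.inet.ip.forwarding=1 (sysctl, persisted in /etc/sysctl.conf).
# Syntax is the pre-4.7 "nat on" form; OpenBSD 4.7 and later use
# "match out ... nat-to" instead.

ext_if  = "vr0"
lan_net = "192.168.10.0/24"

set skip on lo

# Translate forwarded LAN traffic to the primary (DHCP) address.
#   ( )         parentheses: the rule follows the address when the lease changes
#   :0          do not include the alias address in the substitution
#   ! $lan_net  leave the box's own LAN-side traffic untranslated
nat on $ext_if inet from $lan_net to ! $lan_net -> ($ext_if:0)

# With one interface pf cannot tell "inside" from "outside" by NIC, only by
# address, and the modem shares the switch with the LAN hosts. Every forwarded
# packet also enters and leaves on vr0, so it crosses the wire twice.
# Filter on addresses and log what is dropped.
block in log on $ext_if all
pass in  on $ext_if inet from $lan_net to any keep state
pass out on $ext_if inet all keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `tcpdump -n -e -i pflog0` shows the packets caught by the `block in log` rule.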
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick