I'm trying to set up nat on my server and it works with simple & dumb rules, but I can't get it to work with normal rules.
My old setup used to be:
Code:
+---------------------------------+
++-------+ | (Router) |
| +--------+ HOME_NET_IP <-> 192.168.128.1 |
ISP ------+ Switch | +------------------------+--+--+--+
| +---+ | | |
+--------+ | | | +-- 192.168.128.4 (laptop2.pc)
| +------------------------+ | +----- 192.168.128.3 (laptop.pc)
| | SERVER_IP1 | | +----------------------------+
+-+ SERVER_IP2 | +--------+ 192.168.128.2 (desktop.pc) |
| SERVER_IP3 192.168.0.1 +-----------+ 192.168.0.2 |
| (Server) | +----------------------------+
+------------------------+
The problem is that router is only 10Mbps, and after power failures it has trouble to start serving clients. (eventually after few hours it just works)
So to lose the router I'd like to build my setup like this:
Code:
+------------- ---------------+ +--------+
| HOME_NET_IP <-> 192.168.0.1 + -----+ +----------- 192.168.0.2 (desktop.pc)
| SERVER_IP1 | | Switch +----------- 192.168.0.3 (laptop.pc)
ISP ----+ SERVER_IP2 | | +----------- 192.168.0.4 (laptop2.pc)
| SERVER_IP3 (Server) | +--------+
+----------------- -----------+
Benefit would also be 1Gbps LAN (I don't use wifi at home)
For this to work I've modified my ipfw rules on server.
Just to get me started adding
Code:
ipfw_cmd "3 add divert natd ip from any to any via $EIF"
ipfw_cmd "4 add allow ip from any to any via lo0"
ipfw_cmd "5 add allow ip from any to any via $IIF keep-state"
ipfw_cmd "8 add check-state"
Did the trick (IIF - Internal interface, EIF - external interface) (but obviously sux)
So I started reading manual and adopting example to my needs, but I can't get it to work.
I will post my ipfw rules in next post to avoid 10K character limit per post
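Added example, not part of the original post and not the poster's own ruleset: one stateful arrangement of the same divert/natd setup, where inbound packets are translated before check-state and outbound packets only reach the NAT rule after creating state. Assumptions: the interface names, the rule numbers, natd already running on the `natd` divert port, no inbound services opened, and an `ipfw_cmd` helper defined here as a dry-run printer (it is not the poster's wrapper).

```shell
#!/bin/sh
# Added example: stateful ipfw + natd ruleset, printed as a dry run.
# Assumed names: em0/em1 are placeholders for the poster's $EIF/$IIF.
EIF="${EIF:-em0}"   # external interface (assumed name)
IIF="${IIF:-em1}"   # internal interface (assumed name)

# Hypothetical helper: prints each command instead of running it.
# To apply for real, replace the echo with a call to /sbin/ipfw.
ipfw_cmd() { echo "ipfw -q add $*"; }

nat_ruleset() {
    # Loopback and the trusted LAN side are not filtered.
    ipfw_cmd "100 allow ip from any to any via lo0"
    ipfw_cmd "110 allow ip from any to any via $IIF"

    # Inbound on the external side: let natd rewrite the destination back
    # to the private address first, so the state lookup below matches.
    ipfw_cmd "200 divert natd ip from any to any in via $EIF"
    ipfw_cmd "210 check-state"

    # Outbound on the external side: create state while the packet still
    # carries its private source address, then jump to the NAT rule.
    ipfw_cmd "300 skipto 1000 tcp from any to any out via $EIF setup keep-state"
    ipfw_cmd "310 skipto 1000 udp from any to any out via $EIF keep-state"
    ipfw_cmd "320 skipto 1000 icmp from any to any out via $EIF keep-state"

    # Anything that has no state and was not explicitly allowed stops here.
    # Rules for inbound services on the server would go before this line.
    ipfw_cmd "900 deny log ip from any to any"

    # Only packets sent here by a skipto (directly or via a state match)
    # arrive at this point; outbound ones are translated, then allowed.
    ipfw_cmd "1000 divert natd ip from any to any out via $EIF"
    ipfw_cmd "1010 allow ip from any to any"
}

nat_ruleset
```

Compared with the four rules in the post, unsolicited traffic arriving on the external interface ends at rule 900 instead of being passed after translation.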