NAT with one interface

cybercoder · May 27, 2010

I searched the forum deeply but didn't find anything useful

i need to use NAT on 1 interface.

Code:

ipfw add 10 divert natd ip from 192.168.140.0/24 to $valid_IP

but it doesn't work!
( kernel compiled correctly and rc.conf is configured )

how can i see NAT table or test NAT?

SirDice · May 27, 2010

You can't bounce a connection off of the same interface.

cybercoder · May 27, 2010

You can't bounce a connection off of the same interface.

But i did it on same interface with IPTABLES before, more than 10000000 time!
can't ipfw do it really ?

DutchDaemon · May 27, 2010

I think it's possible to NAT on a single interface with the public IP as the primary address and the private IP as an alias, no? Don't use ipfw though. I think pf uses something like:

Code:

nat on $ext_if from ! $ext_if:0 to any -> $ext_if:0

cybercoder · May 27, 2010

I think it's possible to NAT on a single interface with the public IP as the primary address and the private IP as an alias, no? Don't use ipfw though

is purpose of those sentences, i should use NATD directly ?

DutchDaemon · May 27, 2010

Maybe experiment with -alias_address instead of -interface (see natd(8)). If you specify the public IP address instead of the interface name you may be able to have RFC1918 addresses on that interface translated to the public IP address. Not tested, as I don't use IPFW. I'm sure someone on here will be able to confirm/deny.

sixtydoses · May 27, 2010

I used to configure NAT on a single interface but nothing fancy with my ipfw. Kernel compiled with options 'IPFIREWALL' and 'IPDIVERT'.

My natd service runs against tun0.
# natd -interface tun0

And with IP forwarding enabled:
net.inet.ip.forwarding: 1

The rest in my /etc/rc.conf (I think..):

Code:

gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="tun0"
natd_flags="

cybercoder · May 27, 2010

I think i should return to use Fedora or Ubuntu !

SirDice · May 27, 2010

What I meant by not being able to bounce off of the same interface is that you cannot redirect an incoming packet back out the same interface. As long as you stay on the same machine it shouldn't be a problem. You can NAT to lo1 i.e. But to be honest I really don't see the point of it.

Perhaps you can elaborate on what you're trying to archive? There may be far simpler solutions.

cybercoder · May 28, 2010

there's only one solutions and i should NAT (overload) a range of invalid ip addresses to a valid ip address,
i'll go to use fedora core!

SirDice · May 28, 2010

cybercoder said:
there's only one solutions

There are always multiple solutions.

i'll go to use fedora core!

kthxby

DutchDaemon · May 28, 2010

Waste of time. Closed.

NAT with one interface

cybercoder

SirDice

Administrator

cybercoder

DutchDaemon

Administrator

cybercoder

DutchDaemon

Administrator

sixtydoses

cybercoder

SirDice

Administrator

cybercoder

SirDice

Administrator

DutchDaemon

Administrator