ppp nat static/dynamic

Hi guys,

How can I set up nat to do static nat for my servers and just nat to exit interface ip for the rest of the LAN? I have a block of 16 IPs that I want to do static nat for. This is the server subnet. For other clients it should just use its out interface IP assigned dynamically by the ISP. I am using PPPoE to connect to DSL.

I understand that
Code:
nat addr 192.168.1.5 1.1.1.1
would nat just fine and I can add more rules for each IP I have, but when there is traffic for clients it should simply use the em0 (out interface) IP. So if nat goes through the current rules and can't find an alias would it simply drop packets ?
 
I have added
Code:
nat addr 192.168.1.5 x.x.x.x
but it does not work. My ISP says that all the traffic is routed to my gateway.

rc.conf
Code:
gateway_enable="YES"
ppp_enable="YES'
ppp_profile="abc"
ppp_mode="ddial"
ppp_nat="YES"
ppp_user="root"

ppp.conf
Code:
default:
 ident user-ppp VERSION
 set log tun command
 set device PPPoE:em0:iprimus
 set speed sync
 set mru 1492
 set mtu 1492
 set ctsrts off
 #enable lqr
 #set lqrperiod 5
 enable dns
 add default HISADDR

#NAT
 nat enable yes
 nat log yes
 nat same_ports yes
 nat unregistered_only yes
 nat addr 192.168.1.5 x.x.x.x

iprimus:
Code:
 set authname ******
 set authkey ******

Any ideas?
 
You need to explain better what your network topology is because your last explanation just left me with a foggy (really foggy) idea what you want to do :)

Regards.
 
tbyte, can't tell you how happy I am to get a reply at least; tbyte to the rescue again :p

See by now you know I have 16 IPs that we will use for servers. My DSL is bridged, connected to the unix box. On the unix box em0 is connected to DSL. em1 is LAN 192.168.1.0/24. Now when I connect DSL and browse from LAN computers everything works. But I want to map the 16 IP block I have to servers. So I have a web server 192.168.1.5 so I want to map one IP to it.

But when I do
Code:
 nat addr 192.168.1.5 x.x.x.x
and try to connect from outside nothing happens.

My tun0 interface has a different IP, I mean it's not from the 16 block of IPs I have but my ISP tells me the /28 is routed properly. Then I don't know what I am doing wrong.

I have even tried
Code:
nat port tcp 192.168.1.5:80 80
which should just send all http traffic to the .5 server but it doesn't.

Any idea?
 
So from what I've gathered you've got a DSL modem (not router) connected on em0 ;) . And the ISP should have (if they have two brain cells) routed these 16 IPs via the PPPoE's real IP, right? If so 'unregistered_only' should be the only option you need (remove 'nat addr'). BUT you need to tell YOUR router where these 16 IP are. The easiest way is to set one of the IPs (add as alias with /28 mask) on your em1 interface.

Regards.
 
Last night I tried traceroute from home to the block of 16 public IPs I have. It ends up at the IP assigned to my DSL which means routing from ISP is done right.

I was talking to the ISP guys and they said that they can see traffic coming to my interface but bounces back. So this might be a routing issue. hat happens when traffic arrives at PPP tun0 interface? Does it check the routing table first to determine if it has that IP range? or does it NAT first?

I tried adding a route to the public ip space:
Code:
route add -net 1.1.1.1/28 192.168.1.2
But that didn't help. So I removed the route and added an alias to em1 interface.
Code:
ifconfig em1 1.1.1.1 netmask 255.255.255.240 alias
Still no luck. I can see that the problem is at my end and most probably with routing.
 
I have made some progress. I assigned one of the public IPs to my re0 (I have three interfaces) and now when I ping from outside it works. But the whole idea is to have the public IPs natted to private IPs. Do I have to ask the ISP to assign my tun0 interface one of my public IPs?
 
Well here is a
Code:
netstat -rn

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.216.11     UGS         0    26552   tun1
127.0.0.1          link#5             UH          0        0    lo0
192.168.1.0/24     link#3             U           1   245203    em1
192.168.1.2        link#3             UHS         0        0    lo0
192.168.216.11     link#7             UHS         0        0   tun1
200.0.240.208/28  link#1             U           0    52695    re0
200.0.240.209     link#1             UHS         0        0    lo0
210.26.214.36      link#7             UHS         0        0    lo0

All I wish to achieve is when I connect to DSL and get assigned 210.26.214.36. And whenever there is a request for 200.0.240.208/28 network, I should be able to NAT it to the private 192.168.1.0/24 network and my servers accessible from outside.
 
Assign REAL IPs to your servers! :) And if you want them visible in the LAN just add 192.168.1.x/24 alias. You don't need NAT for that. Although
Code:
nat addr 192.168.1.5 x.x.x.x
should have worked too if you have no other ipfw rules.

When you are using
Code:
nat addr 192.168.1.5 x.x.x.x
try to drop 'unregistered_only' it might interfere.
 
Thank you very much for your input tbyte. I figured out the problem this morning. The server was using a different gateway and that was the only reason my configuration was not working. But your suggestions helped me understand a few things. Thank you.
How can I mark this thread as solved?
 
Junaid said:
Thank you very much for your input tbyte. I figured out the problem this morning. The server was using a different gateway and that was the only reason my configuration was not working. But you suggestions helped me understand a few things. Thank you
How can i mark this thread as solved !

'Advanced edit' your first post and change the title to 'Solved' :)
 
Back
Top