I sent this out Saturday from home, but it doesn't look like it went out...

-------- Original Message --------
Message-ID: <437FBAB2.9070907@iaces.com>
Date: Sat, 19 Nov 2005 17:52:18 -0600
From: Paul Root <ptroot@iaces.com>
User-Agent: Thunderbird 1.5 (Macintosh/20051025)
MIME-Version: 1.0
To: freebsd-stable <freebsd-stable@freebsd.org>
Subject: tunnels through a NAT device
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

I'm trying to set up an encrypted tunnel between 2 FreeBSD machines. Yesterday, I did get the tunnel up between two machines on the same network, and got it encrypted. Pretty easy following the handbook.

Now, I have a machine at home behind a DSL modem (Actiontec) that NATs everything. I've made the machine the DMZ host for the Actiontec, which basically passes all ports not otherwise directed to the machine.

The machines are both Sparcs. I'm using aliases for routing.

Internet machine:

hme0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet A.B.C.D netmask 0xffffffe0 broadcast A.B.C.Z
        inet6 fe80::a00:20ff:fec0:3fe1%hme0 prefixlen 64 scopeid 0x1
        inet 192.168.99.1 netmask 0xffffffff broadcast 192.168.99.1
        ether 08:00:20:c0:3f:e1
        media: Ethernet autoselect (10baseT/UTP)
        status: active
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet A.B.C.D --> E.F.G.H
        inet6 fe80::a00:20ff:fec0:3fe1%gif0 prefixlen 64 scopeid 0x3
        inet 192.168.99.1 --> 192.168.90.250 netmask 0xffffffff

Home NATed machine:

hme0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet6 fe80::a00:20ff:fec0:5061%hme0 prefixlen 64 scopeid 0x1
        inet 192.168.0.250 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.90.250 netmask 0xffffffff broadcast 192.168.90.250
        ether 08:00:20:c0:50:61
        media: Ethernet autoselect (100baseTX)
        status: active
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet E.F.G.H --> A.B.C.D
        inet6 fe80::a00:20ff:fec0:5061%gif0 prefixlen 64 scopeid 0x3
        inet 192.168.90.250 --> 192.168.99.1 netmask 0xffffffff

Now this works, exactly like this, on two machines that are not NATed.

E.F.G.H is the address of the DSL modem on the outside. I've tried setting the home machine's gif0 interface to both E.F.G.H and 192.168.0.250 going to A.B.C.D. Obviously, the internet machine has to point to E.F.G.H.

Should I set the alias of hme0 on the home machine to E.F.G.H? Is there a way to do this?

-- 
Paul T. Root
1977 MGB
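An added illustration of the addressing question in the post above (this is editorial example code, not anything from the poster, the FreeBSD handbook or the gif(4) source). It models the one rule gif(4) applies on receive: an IP-in-IP packet (IP protocol 4) is decapsulated only when its outer destination equals the interface's configured tunnel source and its outer source equals the configured tunnel destination. Combined with the usual consumer-NAT behaviour (private source rewritten to the public address on the way out, everything addressed to the public address rewritten to the DMZ host's private address on the way in; that NAT behaviour is an assumption about the Actiontec, not something the post states), the model shows that the home gif0 can only match in both directions when its tunnel source is 192.168.0.250, and that aliasing E.F.G.H onto hme0 cannot fix the inbound direction, because the modem has already rewritten the destination to 192.168.0.250 before the packet reaches the host. A.B.C.D and E.F.G.H are the post's own placeholders; the 192.168.90.x/99.x inner addresses are the post's. Two caveats that the model does not cover and that a practitioner should check with tcpdump on both ends: the DMZ-host feature must forward IP protocol 4 (and protocol 50 for ESP) rather than only TCP/UDP ports, and the IPsec policy on each side must name the outer addresses as that side sees them (192.168.0.250 on the home machine, E.F.G.H on the internet machine), with ESP rather than AH, since AH authenticates the outer header that the NAT rewrites.

```python
"""Model of a gif(4) IP-in-IP tunnel endpoint behind a source-NAT / DMZ-host
device.  Constructed example; addresses follow the mailing-list post."""

from dataclasses import dataclass
from typing import FrozenSet, Optional

IPPROTO_IPIP = 4  # IPv4-in-IPv4, the encapsulation gif(4) uses for 'tunnel inet'
IPPROTO_ICMP = 1

HOME_ADDRS: FrozenSet[str] = frozenset({"192.168.0.250", "192.168.90.250"})


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    inner: Optional["Packet"] = None  # present when proto == IPPROTO_IPIP


@dataclass(frozen=True)
class Gif:
    """gif0 as ifconfig prints it: 'tunnel inet TUNNEL_SRC --> TUNNEL_DST'."""
    tunnel_src: str
    tunnel_dst: str

    def encapsulate(self, inner: Packet) -> Packet:
        # The outer header carries the configured endpoints verbatim.
        return Packet(self.tunnel_src, self.tunnel_dst, IPPROTO_IPIP, inner)

    def accepts(self, pkt: Packet) -> bool:
        # Decapsulate only if outer dst == our tunnel source and
        # outer src == our tunnel destination.
        return (pkt.proto == IPPROTO_IPIP
                and pkt.dst == self.tunnel_src
                and pkt.src == self.tunnel_dst)


@dataclass(frozen=True)
class Nat:
    """Assumed Actiontec behaviour: SNAT on egress, DMZ-host DNAT on ingress."""
    public: str
    dmz_host: str

    def egress(self, pkt: Packet) -> Packet:
        if pkt.src == self.dmz_host:
            return Packet(self.public, pkt.dst, pkt.proto, pkt.inner)
        return pkt  # assumption: anything else is passed through unchanged

    def ingress(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst == self.public:
            return Packet(pkt.src, self.dmz_host, pkt.proto, pkt.inner)
        return None  # not for us; dropped


def can_send(host_addrs: FrozenSet[str], pkt: Packet) -> bool:
    """A host can only originate packets from an address it owns."""
    return pkt.src in host_addrs


def tunnel_status(home_tunnel_src: str,
                  home_addrs: FrozenSet[str] = HOME_ADDRS) -> dict:
    """Try one encapsulated packet in each direction with the home gif0
    configured as 'tunnel inet home_tunnel_src --> A.B.C.D'."""
    inet = Gif("A.B.C.D", "E.F.G.H")          # the internet machine's gif0
    home = Gif(home_tunnel_src, "A.B.C.D")    # the home machine's gif0
    nat = Nat(public="E.F.G.H", dmz_host="192.168.0.250")

    # home -> internet: inner ping from 192.168.90.250 to 192.168.99.1
    out = home.encapsulate(Packet("192.168.90.250", "192.168.99.1", IPPROTO_ICMP))
    home_to_inet = can_send(home_addrs, out) and inet.accepts(nat.egress(out))

    # internet -> home: the reply, encapsulated by the internet machine
    back = inet.encapsulate(Packet("192.168.99.1", "192.168.90.250", IPPROTO_ICMP))
    arrived = nat.ingress(back)
    inet_to_home = arrived is not None and home.accepts(arrived)

    return {"home_to_inet": home_to_inet, "inet_to_home": inet_to_home}


if __name__ == "__main__":
    for src in ("192.168.0.250", "E.F.G.H"):
        print(f"home tunnel src {src}: {tunnel_status(src)}")
    # The alias the post asks about: E.F.G.H added to hme0 on the home box.
    print("E.F.G.H aliased:", tunnel_status("E.F.G.H", HOME_ADDRS | {"E.F.G.H"}))
```

Running it shows the private address working both ways, E.F.G.H failing both ways, and the alias at best fixing the outbound side while inbound packets still arrive addressed to 192.168.0.250 and are ignored by a gif0 whose tunnel source is E.F.G.H.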