Subject: Re: How to create a virtual network inside a NetBSD Box
To: None <>
From: Daniel Carosone <>
List: tech-net
Date: 09/24/2004 20:34:05

On Fri, Sep 24, 2004 at 11:10:52AM +0200, Christoph Kaegi wrote:
> I'd like to create a C-Class Network Net2 'inside' a NetBSD
> host like this:

>                            NetBSD host
>                       .....................
>                       .                   .
>       I--------I      .     I--------I    .      I--------I
>   ----I  Net1  I------------I  Net2  I-----------I  Net3  I------
>       I--------I      .     I--------I    .      I--------I
>                       .                   .
>                       .....................
> Net1: Network with Private addresses
> Net2: Network with official addresses
> Net3: our DMZ
> NetBSD host: A NetBSD Firewall/NAT-Box with one interface
>              into Net1 and one into Net3
> The goal would be to use the addresses of Net2 as NAT source
> addresses so I wouldn't need to use up a lot of Net3 address space
> for that.

So your internet connection is somewhere beyond net3, and net3 is also
using public addresses, right?

This is a standard NAT setup. Your confusion is all in how you've drawn it.

What you want, if I understand correctly, is for Net1 devices to use
Net2 addresses when traversing Net3 and beyond. So, from the outside
(net3) you see this:

                         NetBSD host
                      .                .
      I--------I      .                .      I--------I
  ----I  Net2  I------------------------------I  Net3  I------
      I--------I      .                .      I--------I
                      .                .

All you need to do is NAT net1 addresses onto net2, as they leave your
net3 interface, and arrange for the boxes on net3 and beyond to route
packets destined for net2 via your netbsd box.

The details of the NAT configuration depend on your specific
requirements (static, hide, bimap, etc), but this is the path you need
to take.


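Added example, not part of the original message: one way the setup described above could look as an IPFilter ipnat.conf on the NetBSD box, together with the route that hosts on Net3 need. It assumes ipnat is the NAT engine in use; the interface name fxp1 and all addresses are constructed placeholders.

```conf
# /etc/ipnat.conf on the NetBSD firewall (IPFilter syntax).
# Assumption: ipnat is the NAT engine. All values below are constructed:
#   fxp1             interface facing Net3
#   10.1.1.0/24      Net1 (private addresses)
#   192.0.2.0/24     Net2 (official addresses; configured on no interface,
#                    it exists only as NAT source addresses)
#   198.51.100.2     the firewall's own address on Net3

# ipnat uses the first matching rule, so the static mapping comes first.
# bimap: two-way, one-to-one mapping for a Net1 host that must also be
# reachable from Net3 and beyond under a fixed Net2 address.
bimap fxp1 10.1.1.10/32 -> 192.0.2.10/32

# "Hide" style mapping for the rest of Net1. The pool is the upper half of
# Net2 so that it can never hand out the address reserved by the bimap above.
# TCP and UDP are port-translated so many Net1 hosts can share the pool.
map fxp1 10.1.1.0/24 -> 192.0.2.128/25 portmap tcp/udp 1025:65535

# Address-only mapping for protocols without ports (ICMP and others).
map fxp1 10.1.1.0/24 -> 192.0.2.128/25

# --- Not part of ipnat.conf: commands run separately ---
#
# On the firewall: enable forwarding and load the rules
# (-C clears the current rule list, -F flushes active translations):
#   sysctl -w net.inet.ip.forwarding=1
#   ipnat -CF -f /etc/ipnat.conf
#
# On the Net3 router (and any Net3 host that talks to Net2 directly):
# send Net2 traffic to the firewall's Net3 address.
#   route add -net 192.0.2.0 -netmask 255.255.255.0 198.51.100.2
#
# Check on the firewall that translations are being created:
#   ipnat -l
```

Without the route on the Net3 side, outbound packets leave with Net2 source addresses but the replies never find their way back to the firewall.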