On 7/3/2013 4:06 AM, Sami Halabi wrote:
Hi Julian,

I appreciate your willingness to help me.

My situation in short is:

----------- [a]     ------------------------- [b] -------------
internet B |---BGP---|84.xx.yy.1  192.168.0.1|-----|192.168.0.2/24
193.xx.yy.2|         |Aem1   Cem3      D  em0|  |  | neighbour
-----------         -------------------------   | --------------
     |                         |                 |
    [Q]                        |                 |
                         your networks        private network

I have control only over the middle machine, so I can't establish a tunnel.
So I want it to act as a man-in-the-middle/proxy.
Every packet coming from the private network to 192.168.0.1, i.e.:
packet hdr: src 192.168.0.2 dst 192.168.0.1
should be translated as:
packet hdr: src 84.xx.yy.1 dst 193.xx.yy.2
ports and data untouched.

And every packet from 193.xx.yy.2 (incoming/setup...), i.e.:
packet hdr: src 193.xx.yy.2 dst 84.xx.yy.1
to be translated as:
packet hdr: src 192.168.0.1 dst 192.168.0.2

BTW: any other packet from a src other than 193.xx.yy.2 to dst 84.xx.yy.1
should be dropped.

I believe this will work:

# pf.conf translation rules (tag must precede "->"; binat takes no static-port,
# it never rewrites ports; the pf redirect keyword is "rdr")
binat on em1 from 193.xx.yy.2 to 84.xx.yy.1 tag netA -> 192.168.0.1
binat on em0 from 192.168.0.2 to 192.168.0.1 tag netB -> 84.xx.yy.1

rdr from any to 84.xx.yy.1 tagged netA -> 192.168.0.2
rdr from any to 192.168.0.1 tagged netB -> 193.xx.yy.2
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
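The translation described in the post above is a double NAT: rewrite the destination on the way in (rdr) and the source on the way out (nat), in each direction. The following pf.conf for the middle box is an added example, not rules from the original post or from any reply to it. It assumes em1 carries 84.xx.yy.1 (the BGP side), em0 carries 192.168.0.1 (the private side), net.inet.ip.forwarding=1 is set, and the placeholder addresses are used exactly as the post writes them; the macro names are the example's own.

```pf
# Added example: double NAT on the middle box with FreeBSD pf (pre-OpenBSD-4.7
# syntax, translation rules before filter rules). Not from the original post.
ext_if = "em1"          # assumption: interface holding 84.xx.yy.1
int_if = "em0"          # assumption: interface holding 192.168.0.1
ext_ip = "84.xx.yy.1"
int_ip = "192.168.0.1"
peer   = "193.xx.yy.2"
nbr    = "192.168.0.2"

# Private -> peer.  Neighbour sends src 192.168.0.2 dst 192.168.0.1.
# rdr rewrites dst to 193.xx.yy.2 as the packet enters em0; nat rewrites src to
# 84.xx.yy.1 as it leaves em1.  static-port keeps TCP/UDP source ports as-is,
# matching "ports and data untouched".
rdr on $int_if from $nbr to $int_ip -> $peer
nat on $ext_if from $nbr to $peer -> $ext_ip static-port

# Peer -> private.  193.xx.yy.2 sends src 193.xx.yy.2 dst 84.xx.yy.1.
# rdr rewrites dst to 192.168.0.2 as the packet enters em1; nat rewrites src to
# 192.168.0.1 as it leaves em0.
rdr on $ext_if from $peer to $ext_ip -> $nbr
nat on $int_if from $peer to $nbr -> $int_ip static-port

# Filter rules see translated addresses.  Traffic from the peer to 84.xx.yy.1
# already has dst 192.168.0.2 by now, so this block only hits other sources.
block in quick on $ext_if from ! $peer to $ext_ip

pass in  on $ext_if from $peer   to $nbr  keep state
pass out on $int_if from $int_ip to $nbr  keep state
pass in  on $int_if from $nbr    to $peer keep state
pass out on $ext_if from $ext_ip to $peer keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and watch the paired rdr/nat entries appear with `pfctl -s state` while a test connection is open. One caveat a practitioner should weigh: the rdr on em1 matches every packet from 193.xx.yy.2 to 84.xx.yy.1, which in the diagram is also the BGP session address pair, so if the BGP peer really is 193.xx.yy.2 the rule must be narrowed with `proto` and `port` to the services meant for the neighbour, or the session itself gets redirected to 192.168.0.2.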