
Doing nat only with <ONE> nic



Hi all:

A friend of mine has bought a new internet access. The ISP gave him a
"modem-bridge" that has one Ethernet port. Clients have to use DHCP to get
IP addresses. These IP addresses are public ones, and only two computers can
be using the internet access at the same time. Dirty? Sure.
My friend has four computers and wanted all of them to have
internet access. I told him: Hey!! Now it is time to get OpenBSD into your
life!!
So I got an old machine that he had at home and used it to configure the
almost typical NAT setup. Why do I say almost? Well, I say that because the
machine that will do NAT has only ONE NIC. I thought that, theoretically,
I would be able to use the NAT setup by putting two IP addresses on the
NIC. So, I followed the classical procedure:

1. /etc/rc.conf
	pf=YES

2. /etc/sysctl.conf
	net.inet.ip.forwarding=1

3. /etc/hostname.ne3
	dhcp
	inet alias 10.0.1.1 255.255.255.0

4. /etc/pf.conf

	nat on ne3 from 10.0.1.0/24 to any -> $PUBLIC_IP
	pass in all
	pass out all


Well, with this setup it works like a charm.
What is the problem? The problem is that $PUBLIC_IP can change, and since I
have an alias on the ne3 interface I can't use this pf.conf line:

	nat on ne3 from 10.0.1.0/24 to any -> ne3

If I try to reload pf with this new setup I get this error:

marty:/tmp $ sudo  pfctl -f /etc/pf.conf
/etc/pf.conf:17: translation address expands to multiple IPs of this
address family
pfctl: Syntax error in file: pf rules not loaded

Umm!! What a pity.
Is there anyone who can give me a solution?

And one more thing: I would like to set up a DHCP server. Will I run into any
problems having aliases on the NIC?

Thanks in advance, and I apologize for my crappy English.

P.S.: What do you think about this scenario? I mean, would you use two NICs
instead of one? Why? Which problems do you see?
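
Added example, not part of the original post: one way to keep the `$PUBLIC_IP` rule from step 4 while the lease changes is to read the single non-alias address off the interface and hand it to pfctl as a macro at reload time. It assumes a pfctl that supports `-D macro=value`; the function names and the sample `ifconfig` output (with documentation address 192.0.2.45) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ifconfig ne3` output: one DHCP lease plus the
# 10.0.1.1 alias from /etc/hostname.ne3.
SAMPLE_IFCONFIG='ne3: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.45 netmask 0xfffffe00 broadcast 192.0.2.255
        inet 10.0.1.1 netmask 0xffffff00 broadcast 10.0.1.255'

# public_addr INTERNAL_PREFIX
# Reads ifconfig output on stdin and prints the one IPv4 address that does
# not start with INTERNAL_PREFIX. Returns non-zero when there is no such
# address (lease not yet obtained), more than one, or a malformed value,
# so the caller never loads a ruleset with an empty or ambiguous macro.
public_addr() {
    awk -v skip="$1" '
        $1 == "inet" && index($2, skip) != 1 {
            if ($2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) bad = 1
            n++; addr = $2
        }
        END { if (n != 1 || bad) exit 1; print addr }'
}

# reload_nat IFACE INTERNAL_PREFIX
# Resolves the current public address and reloads pf with PUBLIC_IP set on
# the command line. The running ruleset is left untouched on failure.
reload_nat() {
    ip=$(ifconfig "$1" | public_addr "$2") || {
        echo "reload_nat: no unique public address on $1" >&2
        return 1
    }
    pfctl -D "PUBLIC_IP=$ip" -f /etc/pf.conf
}

# Only touch pf when explicitly asked, e.g. `sh natreload.sh reload` run as
# root after each lease change (hypothetical script name).
if [ "${1:-}" = "reload" ]; then
    reload_nat ne3 10.0.1.
fi
```

The trailing dot in `10.0.1.` keeps the prefix match from also excluding networks such as 10.0.10.0/24.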