Hey, guys! How are you?
Well, I've been trying to use FreeBSD as a Gateway to a Local Network, using it as NAT (IPNAT - IPF). After a quick read, I can implement and use it, but I have a question regarding the map. I have been testing it and observing that its action would not be a 1:1 mapping action. Maybe I have this feature and don't know how to implement it. The question is exactly whether the "map" function performs the 1:1 mapping, because with the rule: map if dc0 100.64.0.0/30 -> 200.200.0.0/30 I do not get the desired result. Using the ipnat -l command, the terminal informs me that the local IP 100.64.0.3 (last IP in the /30 prefix) is not mapped to the last IP in the 200.200.0.0/30 prefix (being 200.200.0.3). Translations are performed on one IP of the prefix (in my case it is the second IP of the prefix, being 200.200.0.1). Would this be normal behavior for "map" or IPNAT?
It is worth noting that any local Private IP will use the same outgoing "Public IP", which in this LAB is 200.200.0.1.
However, I have the /30 prefix addresses in Loopback (it was the only way to make it work in this LAB). I tried putting the entire prefix into BlackHole, but I was unsuccessful! If anyone knows a way to use a Public IP prefix without having to put each /32 address in Loopback, that would help me a lot! I don't want to keep public addresses visible on the Internet and it would also save me Firewall filters.