# NAT with one interface



## cybercoder (May 27, 2010)

I searched the forum deeply but didn't find anything useful.

I need to use NAT on 1 interface.


```
ipfw add 10 divert natd ip from 192.168.140.0/24 to $valid_IP
```

But it doesn't work!
(kernel compiled correctly and rc.conf is configured)

How can I see the NAT table or test NAT?


----------



## SirDice (May 27, 2010)

You can't bounce a connection off of the same interface.


----------



## cybercoder (May 27, 2010)

> You can't bounce a connection off of the same interface.


But I did it on the same interface with IPTABLES before, more than 10000000 times!
Can't ipfw really do it?


----------



## DutchDaemon (May 27, 2010)

I think it's possible to NAT on a single interface with the public IP as the primary address and the private IP as an alias, no? Don't use ipfw though. I think pf uses something like:


```
nat on $ext_if from ! $ext_if:0 to any -> $ext_if:0
```


----------



## cybercoder (May 27, 2010)

> I think it's possible to NAT on a single interface with the public IP as the primary address and the private IP as an alias, no? Don't use ipfw though


Is the purpose of those sentences that I should use NATD directly?


----------



## DutchDaemon (May 27, 2010)

Maybe experiment with -alias_address instead of -interface (see natd(8)). If you specify the public IP address instead of the interface name you may be able to have RFC1918 addresses on that interface translated to the public IP address. Not tested, as I don't use IPFW. I'm sure someone on here will be able to confirm/deny.


----------



## sixtydoses (May 27, 2010)

I used to configure NAT on a single interface but nothing fancy with my ipfw. Kernel compiled with options 'IPFIREWALL' and 'IPDIVERT'.

My natd service runs against tun0.
`# natd -interface tun0`

And with IP forwarding enabled:
`net.inet.ip.forwarding: 1`

The rest in my /etc/rc.conf (I think..):

```
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="tun0"
natd_flags="
```


----------



## cybercoder (May 27, 2010)

I think I should return to using Fedora or Ubuntu!


----------



## SirDice (May 27, 2010)

What I meant by not being able to bounce off of the same interface is that you cannot redirect an incoming packet back out the same interface. As long as you stay on the same machine it shouldn't be a problem. You _can_ NAT to lo1 i.e. But to be honest I really don't see the point of it. 

Perhaps you can elaborate on what you're trying to achieve? There may be far simpler solutions.


----------



## cybercoder (May 28, 2010)

There's only one solution and I should NAT (overload) a range of invalid IP addresses to a valid IP address.
I'll go use Fedora Core!


----------



## SirDice (May 28, 2010)

cybercoder said:

> There's only one solution


There are _always_ multiple solutions.



> I'll go use Fedora Core!


kthxby


----------



## DutchDaemon (May 28, 2010)

Waste of time. Closed.


----------

