3

I have two networks: 10.0.0.0/24 and 10.1.1.1/24.

Default gateway to the Internet is 10.1.1.1 and my gateway system gets assigned 10.1.1.20 on the external interface and has 10.0.0.1 on the internal interface.

I don't want to run a firewall or have a pf or ipfw ruleset - I just want a simple gateway between the two networks.

My config in rc.conf contains:

gateway_enable="yes" static_routes="route1" route_route1="-net 10.0.0.0/24 10.1.10.1"

With this configuration, the gateway itself is connected to the Internet and works properly - but all of the internal 10.0.0.0/24 hosts have no connectivity.

I'd really like to have a dead simple gateway with nothing but gateway_enable="yes" and a single, static route ... but I wonder if this is not possible because both networks are non-routable, private address space ?

Do I require NAT in this situation, or is it possible to have a simple router with no NAT or firewall config ?

Thank you.

user227963
  • 209
  • 1
  • 2
  • 11
  • You should probably include a diagram. It's not clear whether both of these networks are administered by you. What device is 10.1.1.1 and does it know anything about 10.0.0.0/24? – Richard Smith Dec 08 '17 at 10:00
  • The 10.1.1.1 is a cable modem that I don't think I can administer or add routes to ... – user227963 Dec 08 '17 at 18:43
  • I think that the answer to you question is that you will need to use a 2nd NAT. Routes are bidirectional. You can use default routes to point towards the Internet, but every node needs to understand how to route the packets back in the reciprocal direction. – Richard Smith Dec 08 '17 at 19:51

1 Answers1

1

Your network configuration is not clear. I think that you are missing a route. The internet gateway might be unaware that there is a 10.0.0.0/24 network behind 10.1.1.20. If you can check the internet gateway configuration and add a static route to 10.0.0.0/24 via 10.1.1.20 you will not need any NAT. Otherwise you will definitely need to enable NAT on your gateway.

Px2016
  • 109
  • 4
  • The main router is a cable modem that is giving out the 10.1.1.0/24 addresses and I don't think I have any ability to add a route to it. So in order to have a very simple gateway without NAT I need to set up a route on the downstream gateway .... thanks. – user227963 Dec 08 '17 at 18:41