Date:      Tue, 12 Jul 2011 23:17:53 -0700
From:      Michael Sierchio <kudzu@tenebras.com>
To:        Bill Tillman <btillman99@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPFW Firewall NAT inbound port-redirect
Message-ID:  <CAHu1Y7113W_-Z0ttbaVu7waM177pVWbwB7Mi_wAJOZwoVhSJvg@mail.gmail.com>
In-Reply-To: <1310537140.18043.YahooMailRC@web36506.mail.mud.yahoo.com>
References:  <CAHu1Y70Uq1AkMF--rB8sAw2M1NW8a0x1H9voTPsy3cm5vQ6O2Q@mail.gmail.com> <20110711170729.GG6611@dan.emsphone.com> <1310473165.58370.YahooMailRC@web36501.mail.mud.yahoo.com> <CAHu1Y725TGa8D=TQCKa7VQYDVAFLoABdFOZ%2BJwnMOBck0gWzyA@mail.gmail.com> <20110712160304.GI6611@dan.emsphone.com> <CAHu1Y73-M7Ds=zNUDDJboh7_eEPT-uiL6qULBghFJK__NiFKzQ@mail.gmail.com> <1310537140.18043.YahooMailRC@web36506.mail.mud.yahoo.com>

I'm familiar with natd since its appearance.  I was unclear on the
ipfirewall nat syntax, since there is no syntax definition in the man
page.  It's true the man page is already too large, but some examples
(somewhere) would be nice. Marshaling packets into userland and back
into the kernel makes natd much slower than kernel nat.

The statement "follow closely the syntax used in natd" is not
particularly reassuring, since it doesn't declare that the syntax is
identical, and (I am repeating myself, sorry), there is no syntax def
in the man page.

Thanks, Dan, for explaining.

- M

On Tue, Jul 12, 2011 at 11:05 PM, Bill Tillman <btillman99@yahoo.com> wrote:
>
> ________________________________
> From: Michael Sierchio <kudzu@tenebras.com>
> To: Dan Nelson <dnelson@allantgroup.com>
> Cc: Bill Tillman <btillman99@yahoo.com>; freebsd-questions@freebsd.org
> Sent: Tue, July 12, 2011 6:35:19 PM
> Subject: Re: IPFW Firewall NAT inbound port-redirect
>
> We're not talking about natd.  The question was about the use of ipfirewall nat.
>
> On Tue, Jul 12, 2011 at 9:03 AM, Dan Nelson <dnelson@allantgroup.com> wrote:
>> In the last episode (Jul 12), Michael Sierchio said:
>>> Is there a way of specifying a particular public address if there is
>>> more than one bound to the external interface?  A la
>>>
>>> nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 102.10.22.1:2222
>>
>> Yes; the redirect_port syntax is described in the natd manpage:
>>
>>     redirect_port proto targetIP:targetPORT[-targetPORT]
>>                 [aliasIP:]aliasPORT[-aliasPORT]
>>                 [remoteIP[:remotePORT[-remotePORT]]]
>>
>>
>>
>> --
>>        Dan Nelson
>>        dnelson@allantgroup.com
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>
>
>
> NATD and IPFW work together. It's a little hard to explain in this format so as
> Dan suggests, you should read the manpage on each. Also, do some google searches
> and you will find many helpful articles. But take my word for this, you can do
> exactly what you want with IPFW+NATD. There are those who will probably promote
> PF as the firewall of choice as well. It all depends on what you become familiar
> with.
>
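
The redirect_port grammar quoted in this thread, turned into a small validator that can check a rule before it is loaded. This is an added example, not code from the thread or from FreeBSD. The function names are hypothetical, only numeric IPv4 addresses are accepted, and the tcp/udp restriction and the equal-range-size rule are taken from natd(8) rather than from the messages above.

```python
import ipaddress
import re

# Grammar quoted in the thread (natd manpage):
#   redirect_port proto targetIP:targetPORT[-targetPORT]
#                 [aliasIP:]aliasPORT[-aliasPORT]
#                 [remoteIP[:remotePORT[-remotePORT]]]
PORTS = re.compile(r"^(\d+)(?:-(\d+))?$")

def _ports(text):
    """Return (low, high) for 'N' or 'N-M'; raise ValueError otherwise."""
    m = PORTS.match(text)
    if not m:
        raise ValueError(f"bad port or range: {text!r}")
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port out of range: {text!r}")
    return low, high

def _addr(text):
    """Numeric IPv4 only (assumption); hostnames are rejected with ValueError."""
    return str(ipaddress.IPv4Address(text))

def parse_redirect_port(args):
    """Parse the arguments that follow the 'redirect_port' keyword."""
    fields = args.split()
    if not 3 <= len(fields) <= 4:
        raise ValueError("expected: proto target alias [remote]")
    proto, target, alias = fields[:3]
    if proto not in ("tcp", "udp"):  # per natd(8), not stated in the thread
        raise ValueError(f"bad proto: {proto!r}")
    t_ip, sep, t_ports = target.rpartition(":")
    if not sep:
        raise ValueError("target must be targetIP:targetPORT")
    a_ip, _, a_ports = alias.rpartition(":")  # aliasIP is optional
    rule = {"proto": proto, "target_ip": _addr(t_ip), "target_ports": _ports(t_ports),
            "alias_ip": _addr(a_ip) if a_ip else None, "alias_ports": _ports(a_ports),
            "remote_ip": None, "remote_ports": None}
    if len(fields) == 4:
        r_ip, sep, r_ports = fields[3].partition(":")
        rule["remote_ip"] = _addr(r_ip)
        rule["remote_ports"] = _ports(r_ports) if sep else None
    # natd(8): ranges need not match numerically but must be the same size.
    ranges = (rule["target_ports"], rule["alias_ports"], rule["remote_ports"])
    if len({hi - lo for lo, hi in filter(None, ranges)}) != 1:
        raise ValueError("port ranges differ in size")
    return rule
```

For the rule asked about in the thread, `parse_redirect_port("tcp 10.0.0.3:22 102.10.22.1:2222")` returns `alias_ip` as `102.10.22.1`; the same rule without the address prefix returns `alias_ip` as `None`, which makes it easy to spot a redirect that is not pinned to one public address.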


