From owner-freebsd-questions@FreeBSD.ORG  Wed Jul 13 06:17:55 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3CB28106564A
	for <freebsd-questions@freebsd.org>;
	Wed, 13 Jul 2011 06:17:55 +0000 (UTC)
	(envelope-from kudzu@tenebras.com)
Received: from mail-yi0-f54.google.com (mail-yi0-f54.google.com
	[209.85.218.54])
	by mx1.freebsd.org (Postfix) with ESMTP id F3AC68FC0C
	for <freebsd-questions@freebsd.org>;
	Wed, 13 Jul 2011 06:17:53 +0000 (UTC)
Received: by yic13 with SMTP id 13so1524482yic.13
	for <freebsd-questions@freebsd.org>;
	Tue, 12 Jul 2011 23:17:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.236.79.69 with SMTP id h45mr1006323yhe.342.1310537873510; Tue,
	12 Jul 2011 23:17:53 -0700 (PDT)
Received: by 10.236.202.169 with HTTP; Tue, 12 Jul 2011 23:17:53 -0700 (PDT)
In-Reply-To: <1310537140.18043.YahooMailRC@web36506.mail.mud.yahoo.com>
References: <CAHu1Y70Uq1AkMF--rB8sAw2M1NW8a0x1H9voTPsy3cm5vQ6O2Q@mail.gmail.com>
	<20110711170729.GG6611@dan.emsphone.com>
	<1310473165.58370.YahooMailRC@web36501.mail.mud.yahoo.com>
	<CAHu1Y725TGa8D=TQCKa7VQYDVAFLoABdFOZ+JwnMOBck0gWzyA@mail.gmail.com>
	<20110712160304.GI6611@dan.emsphone.com>
	<CAHu1Y73-M7Ds=zNUDDJboh7_eEPT-uiL6qULBghFJK__NiFKzQ@mail.gmail.com>
	<1310537140.18043.YahooMailRC@web36506.mail.mud.yahoo.com>
Date: Tue, 12 Jul 2011 23:17:53 -0700
Message-ID: <CAHu1Y7113W_-Z0ttbaVu7waM177pVWbwB7Mi_wAJOZwoVhSJvg@mail.gmail.com>
From: Michael Sierchio <kudzu@tenebras.com>
To: Bill Tillman <btillman99@yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW Firewall NAT inbound port-redirect
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jul 2011 06:17:55 -0000

I'm familiar with natd since its appearance.  I was unclear on the
ipfirewall nat syntax, since there is no syntax definition in the man
page.  It's true the man page is already too large, but some examples
(somewhere) would be nice. Marshaling packets into userland and back
into the kernel makes natd much slower than kernel nat.

The statement "follow closely the syntax used in natd" is not
particularly reassuring, since it doesn't declare that the syntax is
identical, and (I am repeating myself, sorry), there is no syntax def
in the man page.

Thanks, Dan, for explaining.

- M

On Tue, Jul 12, 2011 at 11:05 PM, Bill Tillman <btillman99@yahoo.com> wrote=
:
>
>
>
>
>
> ________________________________
> From: Michael Sierchio <kudzu@tenebras.com>
> To: Dan Nelson <dnelson@allantgroup.com>
> Cc: Bill Tillman <btillman99@yahoo.com>; freebsd-questions@freebsd.org
> Sent: Tue, July 12, 2011 6:35:19 PM
> Subject: Re: IPFW Firewall NAT inbound port-redirect
>
> We're not talking about natd.=A0 The question was about the use of ipfire=
wall nat.
>
> On Tue, Jul 12, 2011 at 9:03 AM, Dan Nelson <dnelson@allantgroup.com> wro=
te:
>> In the last episode (Jul 12), Michael Sierchio said:
>>> Is there a way of specifying a particular public address if there is
>>> more than one bound to the external interface? =A0A la
>>>
>>> nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22
>>>102.10.22.1:2222
>>
>> Yes; the redirect_port syntax is described in the natd manpage:
>>
>> =A0 =A0 redirect_port proto targetIP:targetPORT[-targetPORT]
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 [aliasIP:]aliasPORT[-aliasPORT]
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 [remoteIP[:remotePORT[-remotePORT]]]
>>
>>
>>
>> --
>> =A0 =A0 =A0 =A0Dan Nelson
>> =A0 =A0 =A0 =A0dnelson@allantgroup.com
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.=
org"
>>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o=
rg"
>
>
> NATD and IPFW work together. It's a little hard to explain in this format=
 so as
> Dan suggests, you should read the manpage on each. Also, do some google s=
earches
> and you will find many helpful articles. But take my word for this, you c=
an do
> exactly what you want with IPFW+NATD. There are those who will probably p=
romote
> PF as the firewall of choice as well. It all depends on what you become f=
amiliar
> with.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o=
rg"
>