Date:      Wed, 19 Nov 2014 14:42:08 +0800
From:      Julian Elischer <julian@freebsd.org>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: Questions about ipfw
Message-ID:  <546C3BC0.8090903@freebsd.org>
In-Reply-To: <B56977EE-04D3-4B54-841E-2FAF1E840BED@ramattack.net>
References:  <B56977EE-04D3-4B54-841E-2FAF1E840BED@ramattack.net>

On 11/15/14, 12:13 AM, Egoitz Aurrekoetxea wrote:
> Good afternoon,
>
> I wanted to formulate a couple of questions I’ve been asking myself for some time.
>
> 1 - With Linux, iptables and mod_conntrack_ftp you can allow connections to unprivileged port ranges for
> FTP passive mode only for IP addresses that have properly established a tcp/21 port connection. Is this possible in
> FreeBSD with ipfw?
I believe not, though you may be able to use nat to achieve this as it 
has an ftp module.
It requires understanding the protocol. ipfw tries to not know about 
protocols.

> 2.- I am a client A connecting to public IP 1.1.1.1 (for example) of host B. I want these packets at B to be redirected to host C
> but changing the source address of A in those packets to the IP address of B. Later, when B receives back the answer from C,
> the packets of the answer should be redirected to A, changing B's destination IP address to A's destination IP address. So when telnetting
> from client A to host B, for example to port 5000, I would really be telnetting to host C port 5000, and this telnet should work properly from A.
>
> The most important question is number two. Could you help me please?
This is possibly doable with the NAT module or divert+natd.
We generally do not change the source address, but there are options 
for nat for reverse NATing that may help.


>
> Best regards.