Date: Wed, 31 May 2006 10:50:24 -0400
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: ss650120@ms10.hinet.net
Cc: freebsd-questions@freebsd.org
Subject: Re: I have some questions about natd and firewall....^_^|||
Message-ID: <443beq1c5r.fsf@be-well.ilk.org>
In-Reply-To: <000c01c683d8$ca03a950$c80a738c@yatung> (=?big5?B?uLOm9sBz?= =?big5?B?J3M=?= message of "Tue, 30 May 2006 19:04:13 +0800")
References: <000c01c683d8$ca03a950$c80a738c@yatung>

=B8=B3=A6=F6=C0s <ss650120@ms10.hinet.net> writes:

> Hello:
> My English is not good. I am sorry about this first. ~_~

You made yourself clear. Better than "good enough."

> My system: FreeBSD + IPFW + NAT
>
> Question 1: about NAT (in FreeBSD)
> I built a "natd.conf" and it's contents are below:
> redirect_address 192.168.0.1 140.115.10.22
>
> I have 2 computers in the LAN: 192.168.0.200 and
> 192.168.0.201.
> The redirect rule (above) will affect any connection which
> destination is 140.115.10.22.
> But, I don't want this rule to redirect the packets sent
> from 192.168.0.200.(ie. This rule will affect all nodes inside the LAN but
> 192.168.0.200) Can I make it?

Yes. What you do is make sure that packets from that address don't
get sent to the divert socket in your ipfw ruleset. For example, you
could use a "skipto" rule before the divert rule.

> Question 2: about Firewall (in FreeBSD)
> Is there any argument in IPFW just like the function of the
> "redirect_address" in NAT can be used? If it is, I think it may can solve
> the above problem.

Not exactly. You can use a "fwd" rule, but the destination IP address
won't be changed. The machine you forward to won't accept the packets
because its address isn't 140.115.10.22.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
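
The skipto-before-divert arrangement described in the reply, as an added example that is not part of the original message. The rule numbers 400/500/600, the interface name fxp0 and the helper names are assumptions; the skipto match is narrowed here to the redirected destination so the host's other traffic still reaches natd, and the rest of the ruleset is assumed to continue at rule 600.

```shell
#!/bin/sh
# Added example: keep one LAN host's packets away from the natd divert socket.
# Addresses come from the thread; rule numbers and interface are assumptions.

EXEMPT_HOST="192.168.0.200"    # host that must not be redirected
REDIRECTED="140.115.10.22"     # address named in natd.conf redirect_address
NAT_IF="${NAT_IF:-fxp0}"       # assumed natd interface

# Dry run by default (commands are printed). Set IPFW=/sbin/ipfw to apply.
IPFW="${IPFW:-echo ipfw}"

load_rules() {
    # 400: packets from the exempt host to the redirected address jump
    #      past the divert rule, so natd never sees them.
    $IPFW add 400 skipto 600 ip from "$EXEMPT_HOST" to "$REDIRECTED"
    # 500: everything else is handed to natd as usual.
    $IPFW add 500 divert natd ip from any to any via "$NAT_IF"
}

# Reads `ipfw list` output on stdin. Succeeds only if a skipto rule for the
# exempt host sits before the first divert rule and jumps beyond it.
# ipfw is first-match, so a skipto placed after the divert has no effect.
check_order() {
    awk -v host="$EXEMPT_HOST" '
        $2 == "skipto" && index($0, "from " host " ") && !sk {
            sk = $1 + 0; tg = $3 + 0
        }
        $2 == "divert" && !dv { dv = $1 + 0 }
        END { exit !(sk && dv && (sk < dv) && (tg > dv)) }
    '
}

case "${1:-}" in
    load)  load_rules ;;
    check) ipfw list | check_order && echo "exemption precedes divert" ;;
esac
```

Run with `load` to print (or, with `IPFW=/sbin/ipfw`, install) the two rules, and with `check` on the gateway to confirm the ordering in the live ruleset.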