From: Lowell Gilbert
To: ss650120@ms10.hinet.net
Cc: freebsd-questions@freebsd.org
Date: Wed, 31 May 2006 10:50:24 -0400
Subject: Re: I have some questions about natd and firewall....^_^|||

=B8=B3=A6=F6=C0s writes:

> Hello:
> My English is not good. I am sorry about this first. ~_~

You made yourself clear.
Better than "good enough."

> My system: FreeBSD + IPFW + NAT
>
> Question 1: about NAT (in FreeBSD)
> I built a "natd.conf" and its contents are below:
> redirect_address 192.168.0.1 140.115.10.22
>
> I have 2 computers in the LAN: 192.168.0.200 and
> 192.168.0.201.
> The redirect rule (above) will affect any connection whose
> destination is 140.115.10.22.
> But, I don't want this rule to redirect the packets sent
> from 192.168.0.200. (i.e. This rule will affect all nodes inside the LAN but
> 192.168.0.200) Can I make it?

Yes. What you do is make sure that packets from that address don't
get sent to the divert socket in your ipfw ruleset. For example,
you could use a "skipto" rule before the divert rule.

> Question 2: about Firewall (in FreeBSD)
> Is there any argument in IPFW just like the function of the
> "redirect_address" in NAT can be used? If it is, I think it may solve
> the above problem.

Not exactly. You can use a "fwd" rule, but the destination IP address
won't be changed. The machine you forward to won't accept the packets
because its address isn't 140.115.10.22.

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
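
The "skipto before the divert rule" approach from the reply above, as an added example that is not part of the original message. The addresses come from the thread; the interface name fxp0, the rule numbers and the divert rule itself are assumptions standing in for the existing ruleset.

```sh
#!/bin/sh
# Added example: ipfw rules that keep one LAN host away from natd's
# redirect_address by jumping over the divert rule.
# From the thread: 192.168.0.200 and 140.115.10.22.
# Assumed (hypothetical): interface fxp0, rule numbers 400/500/600, and the
# divert rule, which stands in for the one the ruleset already has.

IPFW="${IPFW:-echo ipfw}"   # dry run by default; set IPFW=/sbin/ipfw to install

# nat_exempt_rules SKIP_NUM DIVERT_NUM RESUME_NUM EXEMPT_SRC DST OIF
nat_exempt_rules() {
    skip=$1 divert=$2 resume=$3 src=$4 dst=$5 oif=$6

    # The skipto rule must sit before the divert rule and land after it,
    # otherwise the packet still reaches natd.
    if [ "$skip" -ge "$divert" ] || [ "$resume" -le "$divert" ]; then
        echo "rule order must be skip < divert < resume" >&2
        return 1
    fi

    # Exempt host talking to the redirected address: bypass natd entirely.
    # Keep the match narrow, because a packet that skips the divert rule
    # gets no address translation at all.
    $IPFW -q add "$skip" skipto "$resume" ip from "$src" to "$dst" || return 1

    # Everything else on the outside interface goes to natd as before.
    $IPFW -q add "$divert" divert natd ip from any to any via "$oif" || return 1
}

# Processing resumes at the first rule numbered 600 or higher, so the
# filtering rules that follow the divert rule still apply to the exempt host.
nat_exempt_rules 400 500 600 192.168.0.200 140.115.10.22 fxp0
```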