From owner-freebsd-questions Tue Jun 4 6: 2:36 2002
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <016d01c20bc8$150e7930$1200a8c0@gsicomp.on.ca>
From: "Matthew Emmerton"
To: "Scott Pilz" ,
References: <20020604073820.X79339-100000@mail.tznet.com>
Subject: Re: Sockets
Date: Tue, 4 Jun 2002 09:02:28 -0400

> I'll buy whoever can answer this question a drink or two . .
>
> Story line: You got yourself 4.5-RELEASE, NATD/IPFW acting as a
> firewall. Behind the firewall you have a private /16 block of IP
> addresses. On the same machine you have 40 public IP addresses. You want
> to open particular ports of these 40 IP addresses (not the same ports per
> IP address) and then forward all data coming to those ports to one of the
> private IP addresses in the /16 bit IP block.
>
> INETD falls short of doing this. I understand you can launch INETD
> with command lines to bind itself to one particular IP address, but having
> 40 different copies of INETD running isn't wise (this is an assumption,
> probably a good one). You can easily set up INETD to point to SOCKET(1)
> and it will work - so in essence setting up 40 different INETD servers
> bound to each IP address WOULD work but I think this would be silly.

I don't know who suggested this, but it's not the solution you need.

> IPFW w/ NATD lacks any really good forward options - heck, it's
> hard to get it to even work properly (and my understanding is that it
> doesn't have support for forwarding UDP connections either which is a
> must). So, here is my question: INETD alternatives that can handle what I
> want this puppy to do? Or anyone find any way around this?

I object! natd has a ton of forwarding options. In your case, all you need
to do is use natd's redirect_port option.

The best way to do what you want to do is like this:

In /etc/rc.conf:

    natd_enable="YES"
    natd_interface="xxx"            <- replace with your interface
    natd_flags="-f /etc/natd.conf"

In /etc/natd.conf:

    redirect_port udp 10.0.0.1:100 A.B.C.1:100
    ...
    redirect_port udp 10.0.0.40:140 A.B.C.40:140

This will redirect ports 100-140 on the 40 public addresses to ports 100-140
on the private addresses.

I do this all the time on some of my enterprise firewall/NAT boxes to forward
ports for various purposes. If you have any problems, feel free to contact me
directly.

--
Matt Emmerton
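Generating the natd.conf fragment described above from a table of per-address port mappings, as an added example that is not part of the original thread. The 192.0.2.x and 10.0.0.x addresses, the port numbers, and the validation helpers are constructed assumptions; the emitted lines follow natd's redirect_port argument order (private target first, public alias second) exactly as in Matt's reply.

```shell
#!/bin/sh
# Added example: build natd(8) redirect_port lines from a mapping table.
# Table rows: proto public_ip public_port private_ip private_port
# All addresses and ports below are constructed placeholders.

# Accept only a numeric TCP/UDP port in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only a dotted-quad IPv4 address with each octet in 0-255.
valid_ip() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Read the table on stdin, reject malformed rows, emit natd.conf lines.
gen_natd_redirects() {
    while read -r proto pub_ip pub_port priv_ip priv_port; do
        case "$proto" in ''|'#'*) continue ;; esac        # blank/comment rows
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol: $proto" >&2; return 1 ;;
        esac
        valid_ip "$pub_ip" && valid_ip "$priv_ip" ||
            { echo "bad address: $pub_ip / $priv_ip" >&2; return 1; }
        valid_port "$pub_port" && valid_port "$priv_port" ||
            { echo "bad port: $pub_port / $priv_port" >&2; return 1; }
        # natd syntax: redirect_port proto target(private):port alias(public):port
        printf 'redirect_port %s %s:%s %s:%s\n' \
            "$proto" "$priv_ip" "$priv_port" "$pub_ip" "$pub_port"
    done
}

# Constructed sample: each public address forwards a different port.
SAMPLE_TABLE='# proto public_ip public_port private_ip private_port
udp 192.0.2.1 100 10.0.0.1 100
tcp 192.0.2.2 8080 10.0.0.2 80
udp 192.0.2.40 140 10.0.0.40 140'

# Print the natd.conf fragment for the sample table.
gen_natd_redirects <<EOF
$SAMPLE_TABLE
EOF
```

Redirect the output into /etc/natd.conf (or append it) and reload natd; a row with a non-tcp/udp protocol, a malformed address, or an out-of-range port makes the generator exit non-zero instead of writing a broken rule.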