Date: Tue, 4 Jun 2002 09:02:28 -0400
From: "Matthew Emmerton" <matt@gsicomp.on.ca>
To: "Scott Pilz" <tech@tznet.com>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: Sockets
Message-ID: <016d01c20bc8$150e7930$1200a8c0@gsicomp.on.ca>
References: <20020604073820.X79339-100000@mail.tznet.com>
> I'll buy whoever can answer this question a drink or two . .
>
> Story line: You got yourself 4.5-RELEASE, NATD/IPFW acting as a
> firewall. Behind the firewall you have a private /16 block of IP
> addresses. On the same machine you have 40 public IP addresses. You want
> to open particular ports of these 40 IP addresses (not the same ports per
> IP address) and then forward all data coming to those ports to one of the
> private IP addresses in the /16 bit IP block.
>
> INETD falls short of doing this. I understand you can launch INETD
> with command lines to bind itself to one particular IP address, but having
> 40 different copies of INETD running isn't wise (this is an assumption,
> probably a good one). You can easily set up INETD to point to SOCKET(1)
> and it will work - so in essence setting up 40 different INETD servers
> bound to each IP address WOULD work but I think this would be silly.

I don't know who suggested this, but it's not the solution you need.

> IPFW w/ NATD lacks any really good forward options - heck, it's
> hard to get it to even work properly (and my understanding is that it
> doesn't have support for forwarding UDP connections either which is a
> must). So, here is my question: INETD alternatives that can handle what I
> want this puppy to do? Or anyone find any way around this?

I object! natd has a ton of forwarding options. In your case, all you need
to do is use natd's redirect_port option.

The best way to do what you want to do is like this:

In /etc/rc.conf:

natd_enable="YES"
natd_interface="xxx"    <- replace with your interface
natd_flags="-f /etc/natd.conf"

In /etc/natd.conf:

redirect_port udp 10.0.0.1:100 A.B.C.1:100
...
redirect_port udp 10.0.0.40:140 A.B.C.40:140

This will redirect ports 100-140 on the 40 public addresses to ports
100-140 on the private addresses.

I do this all the time on some of my enterprise firewall/NAT boxes to
forward ports for various purposes.

If you have any problems, feel free to contact me directly.
--
Matt Emmerton
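The natd.conf above elides 38 of the 40 redirect_port lines, and the original question asked for a different port per public address, so a mapping table is easier to maintain than hand-typed lines. The following POSIX shell script is an added example, not part of the thread or of FreeBSD's natd; it turns a constructed table (placeholder 10.0.0.x private hosts and A.B.C.x public addresses, in the notation the reply uses) into redirect_port lines and refuses to emit a file if a row has a bad protocol or an out-of-range port, so a typo cannot silently open or misroute a port.

```shell
#!/bin/sh
# Added example (not from the original thread): generate natd.conf
# redirect_port lines from a mapping table and validate each row.
# Addresses and ports below are constructed placeholders.

# Constructed mapping, one rule per line:
#   proto  private_ip:port  public_ip:port
MAPPING='
tcp 10.0.0.1:25   A.B.C.1:25
udp 10.0.0.2:53   A.B.C.2:53
tcp 10.0.0.3:8080 A.B.C.3:80
'

# valid_port NUM -> succeeds only if NUM is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_redirects < table -> prints natd "redirect_port proto target alias"
# lines; returns 1 on the first malformed row so nothing partial is written.
gen_redirects() {
    while read -r proto target alias; do
        [ -z "$proto" ] && continue          # skip blank lines
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad proto: $proto" >&2; return 1 ;;
        esac
        tport=${target##*:}
        aport=${alias##*:}
        valid_port "$tport" || { echo "bad target port in: $target" >&2; return 1; }
        valid_port "$aport" || { echo "bad alias port in: $alias" >&2; return 1; }
        printf 'redirect_port %s %s %s\n' "$proto" "$target" "$alias"
    done
}

# To install on the firewall, write to a temp file first and only move it
# into place when generation succeeded (commented out; run by hand):
# printf '%s\n' "$MAPPING" | gen_redirects > /etc/natd.conf.new \
#     && mv /etc/natd.conf.new /etc/natd.conf
```

The generator writes to a temporary file and moves it into place only on success, so a rejected row leaves the running natd configuration untouched; restarting natd afterwards is still a manual step.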