Date: Tue, 29 Nov 2005 13:07:27 +0000
From: Brian Candler <B.Candler@pobox.com>
To: asko <asko_nospam@ultrasoft.ee>
Cc: freebsd-net@freebsd.org
Subject: Re: natd redirected ports from LAN
Message-ID: <20051129130727.GA40492@uk.tiscali.com>
In-Reply-To: <438C3172.6010806@ultrasoft.ee>
References: <438C3172.6010806@ultrasoft.ee>
On Tue, Nov 29, 2005 at 12:46:10PM +0200, asko wrote:
> I'm searching for a better, faster solution..
> Does it exist?

Do your constraints allow you to switch to 'pf' instead of 'ipfw'? I think you may be able to do it that way.

I had a similar situation where I wanted traffic originating from the local host to be processed specially. The case in point was redirection rather than NAT, but the same principles probably apply. Using pf I forced the traffic back through the loopback interface so it was treated as 'incoming' traffic. e.g. see thread around
http://lists.freebsd.org/pipermail/freebsd-pf/2005-September/001495.html

Maybe in your case you just need two rdr rules: one bound to the internal interface, and one to the external one.

I stopped using ipfw several years ago because of a number of issues with NAT, especially some horrible scenarios with multiple external interfaces, IPSEC tunnels, and needing to run multiple instances of natd :-{

Regards,

Brian.
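The two-rdr-rule layout suggested above, written out as an added pf.conf example (not Brian's or asko's actual configuration); the interface names, the LAN prefix and the server address are constructed placeholders, and the extra nat rule is what makes LAN-originated connections return through the firewall rather than the server answering the client directly:

```pf
# Constructed example: port 80 forwarded to an internal web server,
# reachable both from the Internet and from the LAN via the public address.
ext_if  = "em0"            # assumed external interface
int_if  = "em1"            # assumed internal interface
lan_net = "192.168.1.0/24" # assumed LAN prefix
www_srv = "192.168.1.10"   # assumed internal web server

# 1) Redirect from the outside world (the usual natd-style forward).
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $www_srv port 80

# 2) Redirect the same traffic when it arrives on the inside interface,
#    i.e. a LAN host connecting to the firewall's public address.
rdr on $int_if proto tcp from $lan_net to ($ext_if) port 80 -> $www_srv port 80

# 3) Translate the source of those LAN connections to the firewall's
#    inside address so the server's replies come back through pf; without
#    this the server answers the LAN client directly and the state never
#    matches, so the connection hangs.
nat on $int_if proto tcp from $lan_net to $www_srv port 80 -> ($int_if)

# Filter rules: only allow what the redirections above actually produce.
block in all
pass in on $ext_if proto tcp from any to $www_srv port 80 keep state
pass in on $int_if proto tcp from $lan_net to $www_srv port 80 keep state
pass out keep state
```

Translation (rdr/nat) rules must precede the filter rules, since pf evaluates the rewritten addresses when matching the pass/block rules, and `pfctl -s state` will show one entry per LAN connection with the translated source when the reflection is working.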