Date:      Fri, 28 Jun 2013 19:29:59 -0500
From:      "Paul A. Procacci" <pprocacci@datapipe.com>
To:        Sami Halabi <sodynet1@gmail.com>
Cc:        freebsd-ipfw <freebsd-ipfw@freebsd.org>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: DNAT in freebsd
Message-ID:  <20130629002959.GB20376@nat.myhome>
In-Reply-To: <CAEW%2BogYp61U2zjicksYekSdfmLLZh5g9QM3GUg4n16ZbudVZtg@mail.gmail.com>
References:  <CAEW%2BogYp61U2zjicksYekSdfmLLZh5g9QM3GUg4n16ZbudVZtg@mail.gmail.com>

> Hi, (sorry for sending again, the last email was with wrong subject)
> I would like to perform a full dnat/snat as in iptables in:
> linux-ip.net/html/nat-dnat.html
> How can it be done in fbsd? I use ipfw.
>
> I sought the natd man page but it's translation, and the proxy_rule is for
> specific port, not a whole transparency.
>

Using in-kernel nat is probably a better choice IMHO.

Read `man ipfw(8)`.

The section labeled EXAMPLES has exactly what you need.
Here is a snippet from the manpage to get you started:

-------------------------------
<!--snip-->

Then to configure nat instance 123 to alias all the outgoing traffic with
ip 192.168.0.123, blocking all incoming connections, trying to keep same
ports on both sides, clearing aliasing table on address change and
keeping a log of traffic/link statistics:

    ipfw nat 123 config ip 192.168.0.123 log deny_in reset same_ports

<!--snip-->

           ipfw nat 123 config redirect_addr 10.0.0.1 10.0.0.66
                           redirect_port tcp 192.168.0.1:80 500
                           redirect_proto udp 192.168.1.43 192.168.1.1
                           redirect_addr 192.168.0.10,192.168.0.11
                                   10.0.0.100 # LSNAT
                           redirect_port tcp 192.168.0.1:80,192.168.0.10:22
                                   500        # LSNAT

<!--snip-->
-------------------------------


~Paul
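
The manpage excerpt in the message above configures a NAT instance but does not show the rules that pass packets through it. The following script is an added example, not part of the original message or the man page: it prints the commands for a 1:1 mapping (DNAT plus SNAT) of one public address to one internal host. The interface em0, the address 192.0.2.10, the rule numbers 100 and 110 and the helper names are assumptions; instance 123 and host 10.0.0.66 are reused from the excerpt.

```shell
#!/bin/sh
# Added example: 1:1 static NAT (DNAT + SNAT) with in-kernel ipfw NAT.
# Assumptions (not from the thread): external interface em0, public address
# 192.0.2.10 already routed to this host, internal host 10.0.0.66.
# Dry run by default: commands are printed. Set IPFW=/sbin/ipfw to apply.
IPFW="${IPFW:-echo ipfw}"

# Return 0 only for a dotted quad with four octets in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_1to1 EXT_IF PUBLIC_IP INTERNAL_IP [NAT_ID]
nat_1to1() {
    ext_if=$1 pub_ip=$2 int_ip=$3 nat_id=${4:-123}
    is_ipv4 "$pub_ip" && is_ipv4 "$int_ip" || { echo "bad address" >&2; return 1; }
    case $ext_if in ''|*[!A-Za-z0-9_.]*) echo "bad interface" >&2; return 1 ;; esac
    # redirect_addr takes the local address first, then the public one.
    $IPFW nat "$nat_id" config log \
        redirect_addr "$int_ip" "$pub_ip" || return 1
    # DNAT: inbound packets for the public address are rewritten to the host.
    $IPFW add 100 nat "$nat_id" ip from any to "$pub_ip" in recv "$ext_if" || return 1
    # SNAT: the host's outbound packets leave with the public address.
    $IPFW add 110 nat "$nat_id" ip from "$int_ip" to any out xmit "$ext_if"
}

nat_1to1 em0 192.0.2.10 10.0.0.66
```

redirect_addr forwards every protocol and port for the public address to the internal host. To have translated packets continue through later filter rules instead of being accepted at the nat rule, set the sysctl net.inet.ip.fw.one_pass to 0.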
