From: "Paul A. Procacci"
To: Sami Halabi
Cc: freebsd-ipfw, "freebsd-net@freebsd.org"
Date: Fri, 28 Jun 2013 19:29:59 -0500
Subject: Re: DNAT in freebsd
Message-ID: <20130629002959.GB20376@nat.myhome>

> Hi, (sorry for sending again, the last email was with wrong subject)
> I would like to perform a full dnat/snat as in iptables in:
> linux-ip.net/html/nat-dnat.html
> How it can be done in fbsd, I use ipfw.
>
> I seeked natd man page but its translation, and the proxy_rule is for
> specific port, not a whole transparency.
>

Using in-kernel nat is probably a better choice IMHO.

Read `man ipfw(8)`. The section labeled EXAMPLES has exactly what you need.
Here is a snippet from the manpage to get you started:

-------------------------------
Then to configure nat instance 123 to alias all the outgoing traffic with
ip 192.168.0.123, blocking all incoming connections, trying to keep same
ports on both sides, clearing aliasing table on address change and keeping
a log of traffic/link statistics:

      ipfw nat 123 config ip 192.168.0.123 log deny_in reset same_ports

      ipfw nat 123 config redirect_addr 10.0.0.1 10.0.0.66
                       redirect_port tcp 192.168.0.1:80 500
                       redirect_proto udp 192.168.1.43 192.168.1.1
                       redirect_addr 192.168.0.10,192.168.0.11
                               10.0.0.100 # LSNAT
                       redirect_port tcp 192.168.0.1:80,192.168.0.10:22
                               500        # LSNAT
-------------------------------

~Paul
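
Added example, not part of the message above or of the ipfw(8) manpage: a small generator for the one-to-one static NAT the question asks about, using the redirect_addr option shown in the manpage snippet plus the nat rule that sends traffic through the instance. The interface name, rule number 1000 and all addresses are constructed placeholders; the script only prints commands, it does not run them.

```sh
#!/bin/sh
# Emit ipfw in-kernel NAT commands for a full static mapping of one host.
# Assumptions (not from the original message): rule number 1000, and the
# caller supplies NAT id, external interface, public IP and internal IP.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print commands for NAT instance $1 on interface $2 that map public
# address $3 to internal host $4. Arguments are validated first so that
# nothing unexpected ends up in a command line later run as root.
gen_static_nat() {
    nat_id=$1 ext_if=$2 public_ip=$3 local_ip=$4
    case "$nat_id" in ""|*[!0-9]*) echo "bad nat id" >&2; return 1 ;; esac
    case "$ext_if" in ""|*[!A-Za-z0-9_.]*) echo "bad interface" >&2; return 1 ;; esac
    is_ipv4 "$public_ip" && is_ipv4 "$local_ip" || { echo "bad address" >&2; return 1; }
    # redirect_addr takes localIP then publicIP. Inbound traffic to the
    # public address is sent to the internal host, and traffic leaving the
    # internal host is aliased to the public address.
    cat <<EOF
kldload ipfw_nat
sysctl net.inet.ip.forwarding=1
ipfw nat $nat_id config if $ext_if same_ports reset redirect_addr $local_ip $public_ip
ipfw add 1000 nat $nat_id ip from any to any via $ext_if
EOF
}

# Stand-alone use: ./static_nat.sh 123 em0 203.0.113.10 10.0.0.66
if [ $# -eq 4 ]; then
    gen_static_nat "$@"
fi
```

redirect_addr forwards every protocol and port to the internal host, so pair it with filter rules that allow only the services you intend to expose.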