Date:      Wed, 28 Oct 2009 12:20:45 +0900
From:      Randy Bush <randy@psg.com>
To:        Chris Cowart <ccowart@rescomp.berkeley.edu>
Cc:        freebsd-net@freebsd.org, remodeler <remodeler@alentogroup.org>
Subject:   Re: Port-forwarding with IPFW / natd
Message-ID:  <m28wew8ar6.wl%randy@psg.com>
In-Reply-To: <20091027231434.GC11723@hal.rescomp.berkeley.edu>
References:  <20091027224716.M1459@alentogroup.org> <20091027231434.GC11723@hal.rescomp.berkeley.edu>

> Using natd (or ipfw nat) has the ability to manipulate the IP address
> and ports of a packet. The fwd capability in ipfw does not modify the
> layer 3 headers, but instead short-circuits the next-hop logic. Take a
> look at the fwd description in ipfw(8).
> 
> I would recommend using the ipfw built-in nat support (search for NAT in
> ipfw(8)) instead of the old-style divert solution. As I understand it,
> divert has overhead related to copying the packets to and from userland,
> which is unnecessary when using the in-kernel implementation.

i keep circling this area too.  my problem is that i use the nat of ppp
for the external pppoe.  but i want to redirect inbound ssh to a
particular server.

randy
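
The in-kernel `ipfw nat` approach recommended in the quoted reply, applied to redirecting inbound ssh, as an added example that is not part of the original thread. It prints the rules for review rather than applying them; the interface `em0`, inside host `192.168.1.10`, NAT instance `1` and rule number `100` are assumed values.

```sh
#!/bin/sh
# Added example (not from the thread). em0, 192.168.1.10, NAT instance 1 and
# rule number 100 are assumed values for illustration.

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True if $1 is a TCP port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print (do not run) the ipfw commands that redirect one outside TCP port to
# an inside host. Arguments are validated because the output is meant to be
# reviewed and then fed to sh on the gateway.
ssh_redirect_rules() {
    ext_if=$1; inside_host=$2; inside_port=$3; outside_port=$4
    case "$ext_if" in ''|*[!A-Za-z0-9_.]*) echo "bad interface" >&2; return 1 ;; esac
    valid_ipv4 "$inside_host" || { echo "bad inside host" >&2; return 1; }
    valid_port "$inside_port" || { echo "bad inside port" >&2; return 1; }
    valid_port "$outside_port" || { echo "bad outside port" >&2; return 1; }
    # redirect_port rewrites destination address and port (what fwd does not
    # do). deny_in drops inbound packets that match no NAT table entry.
    echo "ipfw nat 1 config if $ext_if deny_in redirect_port tcp $inside_host:$inside_port $outside_port"
    # Pass traffic on the external interface through NAT instance 1.
    echo "ipfw add 100 nat 1 ip from any to any via $ext_if"
}

# Stand-alone run: show the ruleset for SSH (port 22) to 192.168.1.10.
ssh_redirect_rules em0 192.168.1.10 22 22
```

A `fwd 192.168.1.10,22` rule in the same place would only change the next hop: the packet would reach the inside host still addressed to the gateway's IP, which is why the quoted reply points to NAT for this job.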


