Date:      Wed, 14 Mar 2001 11:36:07 -0600 (CST)
From:      Nick Rogness <nick@rogness.net>
To:        Jeremy Keith <jkeith@monarch.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: IPFW + NATD Grouping
Message-ID:  <Pine.BSF.4.21.0103141108020.34738-100000@cody.jharris.com>
In-Reply-To: <000001c0ac9e$de999030$a000000a@monarch.net>

On Wed, 14 Mar 2001, Jeremy Keith wrote:

> I'm currently using NATD and port forwarding into my internal home
> network. Is it possible to redirect incoming based on source?  eg.  
> My wife and I have PC Anywhere which we like to connect to our own
> computers.
> 
> Is it possible that when my wife tries to connect from her work, it
> sees the ip she's coming from and redirects the pcanywhere port to her
> machine.  And when I connect from my work it redirects it to my
> computer because of my source?
> 

	You could, but it would probably be easier to redirect based on
	destination address or port.  I have examples of both below.  I
	couldn't remember what the ports were for PC Anywhere so I assumed
	it was 5632 tcp...


> I realize I could add another public IP on the box and do it that way, but
> I'm wondering if there's a way to do this with one IP?

	Yes.

  Example 1 (Destination based natd setup):

	Use natd's redirect_port option to send it to the proper
	machine.  Here is an example:

	//In /etc/natd.conf:

	interface ep0
	port 8668
	redirect_port tcp 192.168.1.10:5632 5632
	redirect_port tcp 192.168.1.11:5632 6001


	Where your machine is 192.168.1.10 (inside).  Your wife's machine
	is 192.168.1.11.  She will have to configure her PC Anywhere
	client to connect to her machine at home with port 6001.  Your
	client does not need any reconfiguring.

	Then:

	natdserver# natd -f /etc/natd.conf

  Example 2 (Source based natd setup):

	If you wanted to use source based natd stuff, you can; it is just a
	bit more complicated.  You would need to run 2 different
	natd's, each with a natd.conf file similar (not exactly) to the
	one above.  Then with ipfw you could do:

	// Your ipfw entry (your work machine is A.A.A.A)
	# ipfw add 50 divert natd ip from A.A.A.A to any in via ep0
	# ipfw add 51 divert natd ip from any to A.A.A.A out via ep0

	// Your wife's ipfw entry (her work machine is B.B.B.B)
	# ipfw add 150 divert natd2 ip from B.B.B.B to any in via ep0
	# ipfw add 151 divert natd2 ip from any to B.B.B.B out via ep0
	
	// Normal natd traffic
	# ipfw add 200 divert natd ip from any to any via ep0

	And that's just the ipfw stuff.  You still need to set up the
	natd.conf files and natd2 in /etc/services before this will work.

	If you need more help let us know!

Nick Rogness <nick@rogness.net>
- Keep on routing in a Free World...  
  "FreeBSD: The Power to Serve!"
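
Added example (not part of Nick Rogness's message and not FreeBSD project code): a shell helper that writes out the pieces Example 2 says are still needed, namely the two natd.conf files, the natd2 line for /etc/services, and the ipfw rules with the source addresses filled in. The divert port 8669, the output file names and the gen_natd_pair function are assumptions; the addresses in the usage comment are constructed.

```shell
#!/bin/sh
# Added example: writes the files Example 2 still needs into a scratch
# directory for review. Nothing under /etc is touched.
# Assumed, not from the message: divert port 8669 for natd2, the output
# file names, and the gen_natd_pair helper itself.
gen_natd_pair() {
    out=$1; my_src=$2; wife_src=$3
    # Reject anything that is not digits and dots, so an argument cannot
    # smuggle extra rule text into the generated ipfw file.
    for a in "$my_src" "$wife_src"; do
        case $a in
            ''|*[!0-9.]*) echo "not an IPv4 address: $a" >&2; return 1 ;;
        esac
    done
    # Source-based selection needs two distinct sources; with identical
    # ones the rules cannot tell the two users apart.
    if [ "$my_src" = "$wife_src" ]; then
        echo "both sources are $my_src" >&2; return 1
    fi
    mkdir -p "$out" || return 1
    # Instance 1: default divert port, forwards to 192.168.1.10.
    cat > "$out/natd.conf" <<EOF
interface ep0
port 8668
redirect_port tcp 192.168.1.10:5632 5632
EOF
    # Instance 2: own divert port, same public port, other inside host.
    cat > "$out/natd2.conf" <<EOF
interface ep0
port 8669
redirect_port tcp 192.168.1.11:5632 5632
EOF
    # Line to append to /etc/services so "divert natd2" resolves.
    printf 'natd2\t\t8669/divert\t# second natd (assumed port)\n' \
        > "$out/services.add"
    # The rules from Example 2, in the form ipfw reads from a file
    # (no leading "ipfw"), with both source addresses filled in.
    cat > "$out/ipfw.rules" <<EOF
add 50 divert natd ip from $my_src to any in via ep0
add 51 divert natd ip from any to $my_src out via ep0
add 150 divert natd2 ip from $wife_src to any in via ep0
add 151 divert natd2 ip from any to $wife_src out via ep0
add 200 divert natd ip from any to any via ep0
EOF
}
# Usage with constructed addresses:
#   gen_natd_pair ./natd-example 192.0.2.10 198.51.100.20
```

Each natd is then started with its own file, in the same way as `natd -f /etc/natd.conf` in Example 1.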
