Date:      Tue, 12 Jul 2011 08:43:08 -0700
From:      Michael Sierchio <kudzu@tenebras.com>
To:        Bill Tillman <btillman99@yahoo.com>
Cc:        Dan Nelson <dnelson@allantgroup.com>, freebsd-questions@freebsd.org
Subject:   Re: IPFW Firewall NAT inbound port-redirect
Message-ID:  <CAHu1Y725TGa8D=TQCKa7VQYDVAFLoABdFOZ%2BJwnMOBck0gWzyA@mail.gmail.com>
In-Reply-To: <1310473165.58370.YahooMailRC@web36501.mail.mud.yahoo.com>
References:  <CAHu1Y70Uq1AkMF--rB8sAw2M1NW8a0x1H9voTPsy3cm5vQ6O2Q@mail.gmail.com> <20110711170729.GG6611@dan.emsphone.com> <1310473165.58370.YahooMailRC@web36501.mail.mud.yahoo.com>

Is there a way of specifying a particular public address if there is
more than one bound to the external interface?  A la

nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 102.10.22.1:2222

?


On Tue, Jul 12, 2011 at 5:19 AM, Bill Tillman <btillman99@yahoo.com> wrote:
>
>
> ________________________________
> From: Dan Nelson <dnelson@allantgroup.com>
> To: Michael Sierchio <kudzu@tenebras.com>
> Cc: freebsd-questions@freebsd.org
> Sent: Mon, July 11, 2011 1:07:31 PM
> Subject: Re: IPFW Firewall NAT inbound port-redirect
>
> In the last episode (Jul 11), Michael Sierchio said:
>> Sorry for the naive question, but most of my old rulesets still use
>> natd, and I've only used built-in nat for outbound traffic. I'd like
>> to redirect certain ports on certain addresses to the same ports on
>> internal (RFC1918) addresses. The examples in the man page aren't
>> helpful, and the handbook still seems very natd-centric in its
>> examples. Thanks in advance.
>
> I use this at the top of my /etc/ipfw.conf file (re0.2 is the interface
> corresponding to my internet connection) :
>
> nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 22
> add nat 123 ip from any to any via re0.2
>
> , which redirects incoming port 22 connections to 10.0.0.3. If you want to
> redirect more ports, add more "redirect_port tcp host:port port" expressions
> to the end of your nat line. I believe you can run the nat config command
> manually with a new list (as in "ipfw nat 123 ...") to add/remove entries
> dynamically. I'm not at home to try it, and don't want to risk losing my
> remote connection if I mess up :)
>
> --
>     Dan Nelson
>     dnelson@allantgroup.com
>
>
> I have used IPFW for many years now. As for forwarding traffic from your
> gateway to internal machines I've always used the following in my
> /etc/natd.conf file:
>
> dynamic
> redirect_port tcp 10.0.0.254:80 80 # Apache Webserver inside my LAN
> redirect_port udp 10.0.0.214:1194 1194 # OpenVPN Port
> redirect_port tcp 10.0.0.213:443 443   # OpenVPN Port
>
> Of course you will need a line like this in your /etc/rc.conf to get natd to
> read this file:
>
> natd_flags="-f /etc/natd.conf"
>
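
The two configurations quoted above use the same "redirect_port" entries, so a natd.conf can be carried over to the in-kernel nat line mechanically. The script below is an added example, not part of the original messages: it reads natd.conf-style lines and prints the matching "ipfw nat ... config" command for review without applying it. The function name natd_to_ipfw_nat is hypothetical; the nat number 123 and interface re0.2 are taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): turn natd.conf-style redirect_port
# lines into one in-kernel "ipfw nat <id> config ..." command for review.
# The command is only printed; nothing is applied to the firewall.

natd_to_ipfw_nat() {
    # $1 = nat instance number, $2 = external interface, natd.conf on stdin
    awk -v id="$1" -v ifc="$2" '
        BEGIN { bad = 0; spec = "" }
        { sub(/#.*/, "") }                  # drop trailing comments
        $1 != "redirect_port" { next }      # skip other natd options ("dynamic")
        NF < 4 || ($2 != "tcp" && $2 != "udp") {
            # assumption: only tcp/udp entries are expected here
            printf "skipping line %d: %s\n", NR, $0 > "/dev/stderr"
            bad = 1; next
        }
        { $1 = $1; spec = spec " " $0 }     # normalise spacing, keep fields verbatim
        END {
            if (spec == "") exit 1          # nothing to redirect
            printf "ipfw nat %s config if %s log same_ports%s\n", id, ifc, spec
            exit bad
        }'
}

# Constructed sample: the natd.conf entries quoted in the thread.
natd_to_ipfw_nat 123 re0.2 <<'EOF'
dynamic
redirect_port tcp 10.0.0.254:80 80 # Apache Webserver inside my LAN
redirect_port udp 10.0.0.214:1194 1194 # OpenVPN Port
redirect_port tcp 10.0.0.213:443 443   # OpenVPN Port
EOF
```

Fields after the protocol are passed through unchanged, so a second argument written as address:port, which ipfw(8) documents as [aliasIP:]aliasPORT, is preserved in the output. Each printed redirect exposes an internal service on the external interface, so review the line before loading it.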


