From: Michael Sierchio
To: Bill Tillman
Cc: Dan Nelson, freebsd-questions@freebsd.org
Date: Tue, 12 Jul 2011 08:43:08 -0700
Subject: Re: IPFW Firewall NAT inbound port-redirect

Is there a way of specifying a particular public address if there is more than one bound to the external interface? A la

    nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 102.10.22.1:2222

?
On Tue, Jul 12, 2011 at 5:19 AM, Bill Tillman wrote:
>
> ________________________________
> From: Dan Nelson
> To: Michael Sierchio
> Cc: freebsd-questions@freebsd.org
> Sent: Mon, July 11, 2011 1:07:31 PM
> Subject: Re: IPFW Firewall NAT inbound port-redirect
>
> In the last episode (Jul 11), Michael Sierchio said:
>> Sorry for the naive question, but most of my old rulesets still use
>> natd, and I've only used built-in nat for outbound traffic.  I'd like
>> to redirect certain ports on certain addresses to the same ports on
>> internal (RFC1918) addresses.  The examples in the man page aren't
>> helpful, and the handbook still seems very natd-centric in its
>> examples.  Thanks in advance.
>
> I use this at the top of my /etc/ipfw.conf file (re0.2 is the interface
> corresponding to my internet connection):
>
> nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 22
> add nat 123 ip from any to any via re0.2
>
> , which redirects incoming port 22 connections to 10.0.0.3.  If you want to
> redirect more ports, add more "redirect_port tcp host:port port" expressions
> to the end of your nat line.  I believe you can run the nat config command
> manually with a new list (as in "ipfw nat 123 ...") to add/remove entries
> dynamically.  I'm not at home to try it, and don't want to risk losing my
> remote connection if I mess up :)
>
> --
>     Dan Nelson
>     dnelson@allantgroup.com
>
>
> I have used IPFW for many years now. As for forwarding traffic from your
> gateway to internal machines I've always used the following in my
> /etc/natd.conf file:
>
> dynamic
> redirect_port tcp 10.0.0.254:80 80      # Apache Webserver inside my LAN
> redirect_port udp 10.0.0.214:1194 1194  # OpenVPN Port
> redirect_port tcp 10.0.0.213:443 443    # OpenVPN Port
>
> Of course you will need a line like this in your /etc/rc.conf to get natd to
> read this file:
>
> natd_flags="-f /etc/natd.conf"
>
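An added example, not code from anyone in this thread: a small Python helper that renders the two /etc/ipfw.conf lines above from a table of forwards. It assumes the `[aliasIP:]aliasPORT` form of redirect_port documented in ipfw(8), which pins a redirect to one public address (the case asked about at the top), and it checks that every target is an RFC 1918 address and that no public endpoint is listed twice before emitting anything; the `deny_in` option is exposed as an opt-in because of the side effect noted in its docstring.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Private ranges from RFC 1918; redirect targets are expected to live in one of them.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Forward:
    proto: str                      # "tcp" or "udp"
    target_ip: str                  # internal host that receives the traffic
    target_port: int                # port on that host
    alias_port: int                 # port exposed on the public side
    alias_ip: Optional[str] = None  # public address to listen on; None = any address on the interface

def redirect_expr(f: Forward) -> str:
    """Render one redirect_port expression; the aliasIP: prefix appears only when given."""
    public = f"{f.alias_ip}:{f.alias_port}" if f.alias_ip else str(f.alias_port)
    return f"redirect_port {f.proto} {f.target_ip}:{f.target_port} {public}"

def check_forwards(forwards: list[Forward]) -> list[str]:
    """Return a list of problems with the forwarding table (empty when it is sane)."""
    problems, seen = [], set()
    for f in forwards:
        if f.proto not in ("tcp", "udp"):
            problems.append(f"unsupported protocol {f.proto!r}")
        if not any(ipaddress.ip_address(f.target_ip) in n for n in RFC1918):
            problems.append(f"target {f.target_ip} is not an RFC 1918 address")
        key = (f.proto, f.alias_ip, f.alias_port)  # a public endpoint listed twice is a copy-paste error
        if key in seen:
            problems.append(f"duplicate public endpoint {f.proto} {f.alias_ip or '*'}:{f.alias_port}")
        seen.add(key)
    return problems

def nat_config(instance: int, iface: str, forwards: list[Forward], deny_in: bool = False) -> list[str]:
    """Return the two /etc/ipfw.conf lines: the nat instance and the rule that applies it.

    deny_in makes libalias drop inbound packets that match no redirect and no existing
    outbound flow, which includes new connections to the gateway's own address, so enable
    it only when everything the outside must reach is listed as a redirect.
    """
    problems = check_forwards(forwards)
    if problems:
        raise ValueError("; ".join(problems))
    opts = ["log", "same_ports"] + (["deny_in"] if deny_in else [])
    parts = opts + [redirect_expr(f) for f in forwards]
    return [f"nat {instance} config if {iface} " + " ".join(parts),
            f"add nat {instance} ip from any to any via {iface}"]

if __name__ == "__main__":
    # Constructed sample: the ssh redirect from the thread plus the per-address form asked about.
    table = [Forward("tcp", "10.0.0.3", 22, 22),
             Forward("tcp", "10.0.0.3", 22, 2222, alias_ip="102.10.22.1")]
    print("\n".join(nat_config(123, "re0.2", table)))
```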