From owner-freebsd-ipfw@FreeBSD.ORG Fri Aug 3 22:07:59 2007 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4F8EE16A41B for ; Fri, 3 Aug 2007 22:07:59 +0000 (UTC) (envelope-from rudal999@gmail.com) Received: from rv-out-0910.google.com (rv-out-0910.google.com [209.85.198.184]) by mx1.freebsd.org (Postfix) with ESMTP id 39A7B13C442 for ; Fri, 3 Aug 2007 22:07:59 +0000 (UTC) (envelope-from rudal999@gmail.com) Received: by rv-out-0910.google.com with SMTP id f1so652554rvb for ; Fri, 03 Aug 2007 15:07:58 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=K+ywQrS93xsBonWTb6Zi2eC9zFytYHd9wT5NkQeVS39f26T0jRoP9NarfnPHvuhe3RdCPtlEL4SB/xV7dCVBuBMp9bMNEaORyaf2ZOD02FCoHp55C859U0eENy+cZfAilwo0df40gWGVznXLWlZW7w6xmmze6qI4Ol9ohch/BR8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=rx9z3sLEWF0j0GKI7AVKficaRr5lDp6FrOEsmFy1WPB7toeONDOikx4XUkO4bnH7c3gumGbUXjuZ1Z6C3eTZZOAO4n6uIWta3vVCCoZ6jWyVENARf8YYUq8TDzxzr1UQ/tte+8U99Ex8DBDFHMZiyidltSdO1ksrR+4pauolVTc= Received: by 10.143.162.8 with SMTP id p8mr152827wfo.1186178878411; Fri, 03 Aug 2007 15:07:58 -0700 (PDT) Received: by 10.143.3.6 with HTTP; Fri, 3 Aug 2007 15:07:58 -0700 (PDT) Message-ID: <8b24e4de0708031507y69944e53raefe86e6cba63345@mail.gmail.com> Date: Fri, 3 Aug 2007 15:07:58 -0700 From: "Rudy Setiawan" To: "Julian Elischer" In-Reply-To: <46B38E16.3030001@elischer.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <8b24e4de0708021606h5bbee266xb3a4814962d26643@mail.gmail.com> <46B2817C.6010609@elischer.org> <8b24e4de0708031120n210f97ebj3f992ad7a757075e@mail.gmail.com> <46B38E16.3030001@elischer.org> Cc: freebsd-ipfw@freebsd.org Subject: Re: redirect traffic based on destination port to another interface X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Aug 2007 22:07:59 -0000 can you run two instances of natd? Thank you. Regards, Rudy On 8/3/07, Julian Elischer wrote: > Rudy Setiawan wrote: > > On 8/2/07, Julian Elischer wrote: > >> Rudy Setiawan wrote: > >>> Hi, > >>> > >>> I am trying to do a traffic redirection based on destination port to > >>> another interface/gateway. > >>> Currently, I have a freebsd box that does simple NAT and an Internet connection. > >>> I am planning to install another internet connection and use the same > >>> box to do some traffic redirection. > >>> > >>> > >>> INTERNET1 -------- freebsd box ------- INTERNET2 > >>> | > >>> | > >>> Local Area Network > >>> > >>> LAN = 192.168.10.0/24 with interface em0 > >>> INTERNET1-GW = x.x.x.1 with em1 > >>> INTERNET2-GW = y.y.y.1 with rl0 > >>> > >>> My goal is to redirect any ssh traffic to INTERNET2-GW and I assume > >>> that if it can be redirected through INTERNET2-GW then the packets > >>> return will go through INTERNET2-GW also. > >>> > >> no, unless you first NAT the packets with the address of that interface. > >> (otherwise the packets will come back through your primary network). > >> if yo have cheep dlink or linksys or whatever DSL routers or whatever with NAT > >> on them then you can use that successfully and just use ipfw 'fwd' rules to select the interface to use. > > > > I see, hmm are you suggesting that the linksys should be placed > > between the freebsd firewall and the internet? Then do a ipfw fwd > > rules to in freebsd to select which interface to go and linksys will > > do all the NAT-ing for those packets respectiveily right? > > exactly > > > > > Thank you. > > > > Regards, > > Rudy > > -- +++++++++ http://foodblog.rudal.com