From owner-freebsd-stable Mon Feb 5 17:13: 0 2001
Delivered-To: freebsd-stable@freebsd.org
Message-ID: <003801c08fd9$bd0f8500$0100a8c0@cascade>
From: "Thomas T. Veldhouse"
Subject: IPFilter and bimap -vs- natd?
Date: Mon, 5 Feb 2001 19:11:30 -0600
Sender: owner-freebsd-stable@FreeBSD.ORG

Right now I am using IPFilter and ipnat for my firewall. I just found out that IPFW now supports stateful rules (how did I miss that - it has been there for awhile? :) Anyway, I would like to be able to do the following:

1. I need to redirect port 80 to 3128 for transparent proxying of the web using Squid.
2. I need to map real IP addresses to my private lan and back again - so to the outside it appears that a private address is translated to a public address.

Here are my rules for ipnat currently:

# run nat for our internal network
bimap dc1 192.168.0.2/32 -> x.x.x.x/32
bimap dc1 192.168.0.3/32 -> x.x.x.y/32
bimap dc1 192.168.0.4/32 -> x.x.x.z/32

# redirect all lan web traffic to squid
rdr dc0 0/0 port 80 -> 192.168.0.1 port 3128

How can I do the same thing using natd?

I have tried "redirect_address" as an option, but it doesn't seem to work. As a matter of fact, if I use it, NAT seems to quit working altogether.

Thanks in advance,

Tom Veldhouse
veldy@veldy.net
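For comparison with the ipnat rules in the message above, a natd and ipfw configuration that expresses the same two mappings (an added example, not part of the original post and not from the FreeBSD project). It assumes dc1 is the outside interface and dc0 the LAN interface, as the ipnat rules imply, that the public addresses are routed to or aliased on dc1, and that the kernel is built with IPDIVERT and IPFIREWALL_FORWARD; the rule numbers and file names are constructed.

```conf
# --- natd.conf (assumed path: /etc/natd.conf) ---------------------------
# Outside interface; natd aliases LAN traffic to this interface's address.
interface dc1

# Static one-to-one mappings, the natd counterpart of ipnat "bimap".
# Syntax: redirect_address <local IP> <public IP>
# x.x.x.x / x.x.x.y / x.x.x.z are the elided public addresses from the post.
# natd only sees packets for these addresses if they actually arrive on
# dc1, so each one must be routed to this host or configured as an alias.
redirect_address 192.168.0.2 x.x.x.x
redirect_address 192.168.0.3 x.x.x.y
redirect_address 192.168.0.4 x.x.x.z

# --- ipfw rules (assumed file, loaded with: ipfw /etc/ipfw.rules) -------
# Transparent proxy: the counterpart of the ipnat "rdr" rule. Web traffic
# entering from the LAN is handed to Squid on 192.168.0.1 port 3128.
# Matching only "in via dc0" keeps Squid's own outbound requests, which
# leave through dc1, from being looped back into the proxy.
add 40 fwd 192.168.0.1,3128 tcp from any to any 80 in via dc0

# Hand everything crossing the outside interface to natd for translation.
add 50 divert natd all from any to any via dc1

# redirect_address maps every port of the public address to the internal
# host, so filtering for those hosts has to be written explicitly. Rules
# placed after the divert see the translated (192.168.0.x) destination.
# Constructed example: allow only inbound SMTP to 192.168.0.2 and drop
# any other connection attempt from outside.
add 60 allow tcp from any to 192.168.0.2 25 in via dc1 setup
add 70 deny tcp from any to 192.168.0.2 in via dc1 setup
```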