Message-ID: <4605287C.5060901@vwsoft.com>
Date: Sat, 24 Mar 2007 14:32:44 +0100
From: Volker
To: Gilberto Villani Brito
Cc: "FreeBSD (PF)"
Subject: Re: Nat and rdr.

Gilberto,

On 12/23/-58 20:59, Gilberto Villani Brito wrote:
> Hi,
> I need to make nat and rdr for my connections from lo0 of my firewall.
> I have these rules:
> rdr on { em0 em1 lo0 } proto icmp from any to 200.250.0.1 -> 192.168.0.2
> nat on { em0 em1 lo0 } from 192.168.0.2 to any -> 200.250.0.1
>
> When I try to ping IP 200.250.0.1 from my firewall, it tries the default gw.
> I would like it to make a nat and ping the IP 192.168.0.2. Is it possible??
>

It would help if we knew a bit more about your setup (which interface is external, which is internal). But I'm unable to imagine how useful it might be to NAT traffic on the loopback interface.

Your current rdr rules will not work as you think they should. For example, there should never be a packet going through lo0 with a destination address of 200.250.0.1.

Also, NATing on the internal interface (and lo0) with the IP address of your external interface might give you strange results.

Greetings,

Volker