From owner-freebsd-hackers  Wed Sep 17 12:56:06 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id MAA05834
          for hackers-outgoing; Wed, 17 Sep 1997 12:56:06 -0700 (PDT)
Received: from blackhole.iceworld.org (griffin@blackhole.iceworld.org [204.246.64.101])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA05743
          for <freebsd-hackers@FreeBSD.ORG>; Wed, 17 Sep 1997 12:55:58 -0700 (PDT)
Received: from localhost (griffin@localhost)
	by blackhole.iceworld.org (8.8.7/8.8.5) with SMTP id OAA01403;
	Wed, 17 Sep 1997 14:55:46 -0500 (CDT)
Date: Wed, 17 Sep 1997 14:55:46 -0500 (CDT)
From: Jimbo Bahooli <griffin@blackhole.iceworld.org>
To: "Alexander B. Povolotsky" <tarkhil@mgt.msk.ru>
cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: lets get ipfilter as default 
In-Reply-To: <199709170541.JAA06072@asteroid.mgt.msk.ru>
Message-ID: <Pine.BSF.3.96.970917145305.1376B-100000@blackhole.iceworld.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 17 Sep 1997, Alexander B. Povolotsky wrote:

> > 	Seeing ipfilter sitting in /usr/src/contrib, in a mostly
> Where? I couldn't find it... (2.2.2-RELENG)
> > 	It is clearly better, and if its not integrated because it doesnt
> > work, that is incorrect.  When the first version came out with a freebsd
> > port, proff patched it all up and it worked great.  His patches may still

> BTW, can anyone help me with setting up transparent proxy with ipfilter and it's ipnat?
> 
> Alex.

Make a file called, /etc/ipnat.rules, in it put.

map <dev> <hostmask to proxy> -> <real ip> portmap tcp/udp 40000:60000

So, lets say your localnet is 192.168.0.*, and your real IP is
205.250.3.13, and the device with the ip 205.250.3.13 is de0.

map de0 192.168.0.0/24 -> 205.250.3.13/32 portmap tcp/udp 40000:60000