Date: Tue, 12 Jul 2011 05:19:25 -0700 (PDT)
From: Bill Tillman <btillman99@yahoo.com>
To: Dan Nelson <dnelson@allantgroup.com>, Michael Sierchio <kudzu@tenebras.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW Firewall NAT inbound port-redirect
Message-ID: <1310473165.58370.YahooMailRC@web36501.mail.mud.yahoo.com>
In-Reply-To: <20110711170729.GG6611@dan.emsphone.com>
References: <CAHu1Y70Uq1AkMF--rB8sAw2M1NW8a0x1H9voTPsy3cm5vQ6O2Q@mail.gmail.com> <20110711170729.GG6611@dan.emsphone.com>

________________________________
From: Dan Nelson <dnelson@allantgroup.com>
To: Michael Sierchio <kudzu@tenebras.com>
Cc: freebsd-questions@freebsd.org
Sent: Mon, July 11, 2011 1:07:31 PM
Subject: Re: IPFW Firewall NAT inbound port-redirect

In the last episode (Jul 11), Michael Sierchio said:
> Sorry for the naive question, but most of my old rulesets still use
> natd, and I've only used built-in nat for outbound traffic.  I'd like
> to redirect certain ports on certain addresses to the same ports on
> internal (RFC1918) addresses.  The examples in the man page aren't
> helpful, and the handbook still seems very natd-centric in its
> examples.  Thanks in advance.

I use this at the top of my /etc/ipfw.conf file (re0.2 is the interface
corresponding to my internet connection):

nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 22
add nat 123 ip from any to any via re0.2

, which redirects incoming port 22 connections to 10.0.0.3.  If you want to
redirect more ports, add more "redirect_port tcp host:port port" expressions
to the end of your nat line.  I believe you can run the nat config command
manually with a new list (as in "ipfw nat 123 ...") to add/remove entries
dynamically.  I'm not at home to try it, and don't want to risk losing my
remote connection if I mess up :)

-- 
    Dan Nelson
    dnelson@allantgroup.com



I have used IPFW for many years now. As for forwarding traffic from your gateway
to internal machines I've always used the following in my /etc/natd.conf file:

dynamic
redirect_port tcp 10.0.0.254:80 80 # Apache Webserver inside my LAN
redirect_port udp 10.0.0.214:1194 1194 # OpenVPN Port
redirect_port tcp 10.0.0.213:443 443   # OpenVPN Port

Of course you will need a line like this in your /etc/rc.conf to get natd to
read this file:

natd_flags="-f /etc/natd.conf"
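As an added example that is not part of either message: a small sh function that reads natd.conf entries like the ones above and prints the matching in-kernel NAT lines in the /etc/ipfw.conf form Dan quotes. It relies on ipfw's redirect_port taking the same arguments as natd's, reuses nat instance 123 and interface re0.2 from the thread, and the function names are made up here.

```sh
#!/bin/sh
# Added example (not from the thread): print the in-kernel ipfw NAT lines
# that correspond to the redirect_port entries of a natd.conf.
# Nothing is applied; the output is meant to be reviewed before it goes
# into ipfw.conf, since every entry exposes an internal service.

# usage: natd_to_ipfw_nat NAT_ID IFACE < natd.conf   (hypothetical helper)
natd_to_ipfw_nat() {
    nat_id=$1 iface=$2 redirects="" lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=${line%%#*}                 # strip trailing comment
        set -f; set -- $line; set +f     # split into words, no globbing
        [ $# -eq 0 ] && continue         # blank or comment-only line
        if [ "$1" != "redirect_port" ]; then
            echo "line $lineno: '$1' not translated, review by hand" >&2
            continue
        fi
        # expected shape: redirect_port proto targetIP:port publicPort [...]
        case "$2" in tcp|udp) ;; *)
            echo "line $lineno: unsupported protocol '$2'" >&2; return 1 ;;
        esac
        case "$3" in *:*) ;; *)
            echo "line $lineno: target must be host:port" >&2; return 1 ;;
        esac
        [ $# -ge 4 ] || { echo "line $lineno: missing public port" >&2; return 1; }
        redirects="$redirects $*"
    done
    [ -n "$redirects" ] || { echo "no redirect_port entries found" >&2; return 1; }
    # "log same_ports" follows the nat line quoted in the thread
    printf 'nat %s config if %s log same_ports%s\n' "$nat_id" "$iface" "$redirects"
    printf 'add nat %s ip from any to any via %s\n' "$nat_id" "$iface"
}

# natd.conf entries as posted in the thread
sample_natd_conf() {
    cat <<'EOF'
dynamic
redirect_port tcp 10.0.0.254:80 80 # Apache Webserver inside my LAN
redirect_port udp 10.0.0.214:1194 1194 # OpenVPN Port
redirect_port tcp 10.0.0.213:443 443   # OpenVPN Port
EOF
}

sample_natd_conf | natd_to_ipfw_nat 123 re0.2
```

Lines other than redirect_port (here, "dynamic") are reported on stderr and left out of the output, so they still need a manual decision.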