Date: Mon, 11 Jul 2011 12:07:31 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: Michael Sierchio <kudzu@tenebras.com> Cc: freebsd-questions@freebsd.org Subject: Re: IPFW Firewall NAT inbound port-redirect Message-ID: <20110711170729.GG6611@dan.emsphone.com> In-Reply-To: <CAHu1Y70Uq1AkMF--rB8sAw2M1NW8a0x1H9voTPsy3cm5vQ6O2Q@mail.gmail.com> References: <CAHu1Y70Uq1AkMF--rB8sAw2M1NW8a0x1H9voTPsy3cm5vQ6O2Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Jul 11), Michael Sierchio said: > Sorry for the naive question, but most of my old rulesets still use > natd, and I've only used built-in nat for outbound traffic. I'd like > to redirect certain ports on certain addresses to the same ports on > internal (RFC1918) addresses. The examples in the man page aren't > helpful, and the handbook still seems very natd-centric in its > examples. Thanks in advance. I use this at the top of my /etc/ipfw.conf file (re0.2 is the interface corresponding to my internet connection) : nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 22 add nat 123 ip from any to any via re0.2 , which redirects incoming port 22 connections to 10.0.0.3. If you want to redirect more ports, add more "redirect_port tcp host:port port" expressions to the end of your nat line. I believe you can run the nat config command manually with a new list (as in "ipfw nat 123 ...") to add/remove entries dynamically. I'm not at home to try it, and don't want to risk losing my remote connection if I mess up :) -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110711170729.GG6611>