On Sat, 10 Mar 2012 at 14:05:11, Da Rock wrote:

> On 03/10/12 19:47, Julian Elischer wrote:
>> On 3/9/12 6:39 AM, Da Rock wrote:
>>> I'm relatively new to IPFW, not FBSD; the last time I used IPFW (I
>>> believe) was using 4.3. I'm now attempting to use IPFW for some tests
>>> (and hopefully move to production), and I'm trying to determine how I
>>> would set up binat using IPFW; or even if it's possible at all.
>>> 
>>> I've been hunting some more in depth documentation, but it appears to
>>> be scarce/not definitive. I suspect using the modes in libalias such
>>> as "use same ports" and "reverse" might be able to do what I'm looking
>>> for?
>>> 
>>> Any clarity much appreciated.
>> 
>> well of course
>> man ipfw is the basis..
>> 
>> since you don't give any hints as to what you want to do that is not
>> in /etc/rc.firewall,
>> it is hard to know how to help you..
> I think that is the fundamental problem: I defined what I was doing but
> the terms are foreign, ergo the man doesn't show it either.
> 
> Binat is defined in pf, so I used the terminology thinking it would just
> click. Apparently not :) Binat is 1:1 natting to and from a client
> behind a firewall (according to pf), so binat nats traffic from the
> client and from the external network. For all intents and purposes it
> appears the client is actually on the external network, with the added
> benefit that only the ports needed can be natted, and others can be
> diverted elsewhere.
> 
> I'm using it for voip currently (and vpn on the same client): voip
> requires 5060 remote _and_ connection ports, and needs to be forwarded
> as is (excepting ip address) and not appear to be natted so as not to
> confuse the client. VPN uses 500/4500 and requires an untouched packet
> payload (ipsec).
> 
> Are there any sources for documentation on the advanced uses of ipfw? I
> stumbled on just one that goes into more detail so far
> http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO.

You are describing static NAT I believe.

I use:

  $cmd nat 10 config ip <external IP1> same_ports \
      redirect_addr 172.16.10.101 <external IP2> \
      redirect_addr 172.16.0.75 <external IP3>

Also look at redirect_port.

-- 
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.
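
The static NAT configuration from the reply above, as an added example that is not part of the original message: a small generator that validates each internal=external pair and prints the `ipfw nat ... redirect_addr` line plus a rule that passes traffic through the nat instance. The external addresses (RFC 5737 range), the interface `em0`, rule number 100 and the helper names are assumptions; nothing is applied to a live firewall.

```sh
#!/bin/sh
# Added example: prints (does not run) ipfw commands for static 1:1 NAT.
# External addresses, interface em0 and rule number 100 are constructed;
# the internal addresses are the ones quoted in the thread.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# build_static_nat NAT_ID OIF ALIAS_IP INTERNAL=EXTERNAL ...
# (hypothetical helper) prints the nat config and the rule that feeds it.
build_static_nat() {
    nat_id=$1; oif=$2; alias_ip=$3
    shift 3
    valid_ipv4 "$alias_ip" || { echo "bad alias: $alias_ip" >&2; return 1; }
    cfg="ipfw nat $nat_id config ip $alias_ip same_ports"
    seen=" "
    for pair in "$@"; do
        case "$pair" in
            *=*) int=${pair%%=*}; ext=${pair#*=} ;;
            *)   echo "bad mapping: $pair" >&2; return 1 ;;
        esac
        valid_ipv4 "$int" && valid_ipv4 "$ext" ||
            { echo "bad mapping: $pair" >&2; return 1; }
        # For 1:1 NAT an external address is used for one host only.
        case "$seen" in
            *" $ext "*) echo "external reused: $ext" >&2; return 1 ;;
        esac
        seen="$seen$ext "
        cfg="$cfg redirect_addr $int $ext"
    done
    echo "$cfg"
    echo "ipfw add 100 nat $nat_id ip from any to any via $oif"
}

# Constructed sample: two internal hosts, each with its own external address.
build_static_nat 10 em0 203.0.113.10 \
    172.16.10.101=203.0.113.11 172.16.0.75=203.0.113.12
```

`redirect_addr` forwards every port on the external address to the internal host; `redirect_port`, which the reply also mentions, maps individual ports instead.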
