Re: IPFW Firewall NAT inbound port-redirect

From: Michael Sierchio ku...@tenebras.com To: Dan Nelson dnel...@allantgroup.com Cc: Bill Tillman btillma...@yahoo.com; freebsd-questions@freebsd.org Sent: Tue, July 12, 2011 6:35:19 PM Subject: Re: IPFW Firewall NAT inbound port-redirect We're not talking

Re: IPFW Firewall NAT inbound port-redirect

: Re: IPFW Firewall NAT inbound port-redirect We're not talking about natd.  The question was about the use of ipfirewall nat. On Tue, Jul 12, 2011 at 9:03 AM, Dan Nelson dnel...@allantgroup.com wrote: In the last episode (Jul 12), Michael Sierchio said: Is there a way of specifying

Re: IPFW Firewall NAT inbound port-redirect

Michael Sierchio wrote: I'm familiar with natd since its appearance. I was unclear on the ipfirewall nat syntax, since there is no syntax definition in the man page. It's true the man page is already too large, but some examples (somewhere) would be nice. Marshaling packets into userland

Re: IPFW Firewall NAT inbound port-redirect

Mike - You're confused. natd is still a userland process that works via divert sockets. ipfirewall nat is an extension to ipfirewall (ipfw is the userland control program to modify the rulesets, nat config, tables, etc.). - Michael On Tue, Jul 12, 2011 at 11:51 PM, Michael Powell

Re: IPFW Firewall NAT inbound port-redirect

OK - I'm confused. Could be all the top posting. ;-) testbed# man ipfw Formatting page, please wait...Done. IPFW(8) FreeBSD System Manager's Manual IPFW(8) NAME ipfw -- User interface for firewall, traffic shaper, packet scheduler, in-kernel NAT.

Re: IPFW Firewall NAT inbound port-redirect

From: Dan Nelson dnel...@allantgroup.com To: Michael Sierchio ku...@tenebras.com Cc: freebsd-questions@freebsd.org Sent: Mon, July 11, 2011 1:07:31 PM Subject: Re: IPFW Firewall NAT inbound port-redirect In the last episode (Jul 11), Michael Sierchio said

Re: IPFW Firewall NAT inbound port-redirect

: From: Dan Nelson dnel...@allantgroup.com To: Michael Sierchio ku...@tenebras.com Cc: freebsd-questions@freebsd.org Sent: Mon, July 11, 2011 1:07:31 PM Subject: Re: IPFW Firewall NAT inbound port-redirect In the last episode (Jul 11), Michael Sierchio said: Sorry

Re: IPFW Firewall NAT inbound port-redirect

In the last episode (Jul 12), Michael Sierchio said: Is there a way of specifying a particular public address if there is more than one bound to the external interface? A la nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 102.10.22.1: Yes; the redirect_port syntax

Re: IPFW Firewall NAT inbound port-redirect

We're not talking about natd. The question was about the use of ipfirewall nat. On Tue, Jul 12, 2011 at 9:03 AM, Dan Nelson dnel...@allantgroup.com wrote: In the last episode (Jul 12), Michael Sierchio said: Is there a way of specifying a particular public address if there is more than one

Re: IPFW Firewall NAT inbound port-redirect

In the last episode (Jul 12), Michael Sierchio said: On Tue, Jul 12, 2011 at 9:03 AM, Dan Nelson dnel...@allantgroup.com wrote: In the last episode (Jul 12), Michael Sierchio said: Is there a way of specifying a particular public address if there is more than one bound to the external

IPFW Firewall NAT inbound port-redirect

Sorry for the naive question, but most of my old rulesets still use natd, and I've only used built-in nat for outbound traffic. I'd like to redirect certain ports on certain addresses to the same ports on internal (RFC1918) addresses. The examples in the man page aren't helpful, and the handbook