change ipfw/natd > ipf/ipnat (HELP needed)

hugle hugle at vkt.lt
Wed Dec 10 13:25:19 PST 2003


Hello all *BSD users.
I have a question here for you.
I have a ruleset like:
00200 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6111
00201 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6112
00202 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6113
00203 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6114
00204 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6115
00205 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6116
00206 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6117
00207 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6118
00208 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6119
00210 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 4000
00211 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7787
00212 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7777
00213 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7877
00214 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7887
00215 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 9990
00216 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27005
00217 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27015
00220 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27500
00221 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27501
00222 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27960
00250 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6111
00251 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6112
00252 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6113
00253 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6114
00254 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6115
00255 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6116
00256 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6117
00257 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6118
00258 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6119
00260 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 4000
00261 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7787
00262 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7777
00263 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7877
00264 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7887
00265 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 9990
00266 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27005
00267 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27015
00270 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27500
00271 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27501
00272 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27960
00298 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 53
00299 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 53
00301 divert 8672 ip from 192.168.1.120 to not 192.168.0.0/16
00480 fwd 213.252.192.141 ip from 213.252.192.142 to any
00490 divert 8672 ip from any to 213.252.192.142
00501 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 22
00502 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 25
00503 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 80
00504 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 79
00505 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 80
00506 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 81
00507 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 110
00508 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 113
00509 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 443
00510 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 5050
00511 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 5190
00512 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6667
00513 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 1863
00514 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 2082
00515 divert 8686 tcp from 192.168.0.0/16 to 213.226.139.46 dst-port 7000
00520 divert 8686 icmp from 192.168.0.0/16 to not 192.168.0.0/16
00798 fwd 213.252.192.161 ip from 213.252.192.162 to any
00799 divert 8686 ip from any to 213.252.192.162
00997 divert 8668 ip from 192.168.0.0/16 to not 192.168.0.0/16
00998 fwd 212.59.9.1 ip from 212.59.9.59 to any
00999 divert 8668 ip from any to 212.59.9.59

in my ipfw, and natd rules:
natd -a 212.59.9.59 -p 8668
natd -a 213.252.192.162 -p 8686
natd -a 213.252.192.142 -p 8672
These rules successfully divert traffic through 3 different gateways based on the user's destination PORT.
Now the question is, how would I translate it to IPF+IPNAT?
It is rather difficult for me to do that, so I ask you to help me deal with this problem...
I have tried many times to do that,
but the result I came up with is that after adding ipf/ipnat rules my PC hangs after 3-10 minutes ;))

So could someone maybe give me an example of how to use 2 gateways using ipfilter?

Thank you very much!
Jarek
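Before translating a ruleset like the one above, it helps to see exactly what it does: which destination ports are handed to which natd instance, and whether any rules repeat. The script below is an added example (not part of the original post or of FreeBSD); it parses `ipfw list`-style output with awk, groups distinct dst-ports per divert port and protocol, and flags any rule whose body duplicates an earlier rule. The RULES string is a constructed excerpt of the posted listing, not the full ruleset; only the lines needed to exercise both checks are included.

```shell
#!/bin/sh
# Added example (not from the original post): audit an ipfw divert ruleset
# before translating it. Groups destination ports by natd divert port and
# protocol, and flags rules whose body repeats an earlier rule.

# Constructed excerpt of the ruleset posted above (not the full listing).
RULES='00200 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6111
00201 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6112
00220 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27500
00222 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27960
00250 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6111
00270 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27500
00272 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27960
00298 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 53
00301 divert 8672 ip from 192.168.1.120 to not 192.168.0.0/16
00480 fwd 213.252.192.141 ip from 213.252.192.142 to any
00503 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 80
00505 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 80
00520 divert 8686 icmp from 192.168.0.0/16 to not 192.168.0.0/16
00997 divert 8668 ip from 192.168.0.0/16 to not 192.168.0.0/16
00998 fwd 212.59.9.1 ip from 212.59.9.59 to any'

# Print one line per "divert-port proto": the distinct dst-ports sent to
# that natd instance ("any" when the rule carries no dst-port). fwd rules
# and anything else that is not a divert are skipped.
summarize_diverts() {
  awk '$2 == "divert" {
         key = $3 " " $4; port = "any"
         for (i = 5; i < NF; i++) if ($i == "dst-port") port = $(i + 1)
         if (!(key in ports)) { order[++n] = key; ports[key] = "" }
         if (!((key SUBSEP port) in seen)) {
           seen[key SUBSEP port] = 1
           ports[key] = (ports[key] == "" ? port : ports[key] "," port)
         }
       }
       END { for (i = 1; i <= n; i++) print order[i] ": " ports[order[i]] }'
}

# Print every rule whose body (everything after the rule number) already
# appeared under an earlier rule number; the later rule never matches.
find_duplicates() {
  awk '{ rule = $1; $1 = ""; body = substr($0, 2)
         if (body in first) print rule " duplicates " first[body] ": " body
         else first[body] = rule }'
}

printf '%s\n' "$RULES" | summarize_diverts
printf '%s\n' "$RULES" | find_duplicates
```

Run against the full listing (`ipfw list | sh -c '. ./audit.sh'` or by pasting the output into RULES), this turns some 65 rules into one line per natd instance and protocol, which is the form you want in front of you when writing the replacement rules, and the duplicate report catches rules that were copied rather than edited.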

More information about the freebsd-ipfw mailing list