Port-forwarding with IPFW / natd
Randy Bush
randy at psg.com
Wed Oct 28 03:20:47 UTC 2009
> Using natd (or ipfw nat) has the ability to manipulate the IP address
> and ports of a packet. The fwd capability in ipfw does not modify the
> layer 3 headers, but instead short-circuits the next-hop logic. Take a
> look at the fwd description in ipfw(8).
>
> I would recommend using the ipfw built-in nat support (search for NAT in
> ipfw(8)) instead of the old-style divert solution. As I understand it,
> divert has overhead related to copying the packets to and from userland,
> which is unnecessary when using the in-kernel implementation.
i keep circling this area too. my problem is that i use the nat of ppp
for the external pppoe. but i want to redirect inbound ssh to a
particular server.
randy
More information about the freebsd-net
mailing list