DNAT in freebsd

Sami Halabi sodynet1 at gmail.com
Mon Jul 1 07:30:19 UTC 2013


Hi,

I've tried the following:

em1 - ip 10.0.1.1/24
em2 - ip 11.0.3.1/24
route add 11.0.4.0/24 11.0.3.2

ipfw flush
ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1
ipfw add 2000 nat 2 all from 11.0.3.1 to 10.0.1.1

ipfw add 3000 nat 2 all from 11.0.4.2 to 11.0.3.1
ipfw add 4000 nat 1 all from 10.0.1.1 to 11.0.3.1


ipfw nat 1 config same_ports ureg_only ip 11.0.3.1
ipfw nat 1 config reverse same_ports ureg_only ip 11.0.4.2

What I see in tcpdump and the logs is that rule 1000 converts the IP
correctly:
10.0.1.2->10.0.1.1  ==>  11.0.3.1->10.0.1.1
while rule 2000 does nothing...

Thanks in advance,
Sami



On Sun, Jun 30, 2013 at 11:27 PM, Sami Halabi <sodynet1 at gmail.com> wrote:

> Hi Eugene,
>
> It simply doesn't work for me; the reverse option doesn't work properly
> for me... it keeps translating the source instead of the destination...
>
>
> On Sun, Jun 30, 2013 at 6:32 PM, Eugene Grosbein <eugen at grosbein.net> wrote:
>
>> On 30.06.2013 18:48, Sami Halabi wrote:
>> > Hi,
>> > I don't understand how reverse mode works exactly, and didn't find a
>> good example.
>> >
>> >
>> > can you try and help on the configuration?
>>
>> Well, that's pretty simple. Generally, NAT translates the source IP address
>> of the packet, keeping the destination IP intact. You need both the source
>> and the destination addresses to get translated. Reverse NAT does, well,
>> the reverse thing: it translates the destination IP, keeping the source IP
>> intact.
>> So, you just need to set up two ipfw nat instances, one "general" and one
>> "reverse", and pass your packets through both instances.
>>
>> Eugene Grosbein
>>
>>
>>
>
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
>



-- 
Sami Halabi
Information Systems Engineer
NMS Projects Expert
FreeBSD SysAdmin Expert
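The following is an added example, not code from the thread or from FreeBSD. It is a small Python model of the rule set posted above: instance 1 is the "general" instance with alias 11.0.3.1 and instance 2 the "reverse" instance with alias 11.0.4.2 (the post configures `nat 1` on both config lines; the model assumes the second line was meant for instance 2). It also models one ipfw behaviour the thread does not mention but which matters when chaining two nat instances: with the sysctl net.inet.ip.fw.one_pass set to 1 (the FreeBSD default) the rule search ends after the first nat action, so a packet translated by rule 1000 never reaches rule 2000; with one_pass=0 it re-enters the rule list at the next rule. Whether that is the cause in this particular setup the thread does not say. Ports, per-flow state and interface-based direction are simplified away; direction is passed in explicitly.

```python
"""Simplified model of ipfw 'nat' and 'nat reverse' instances (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

    def __str__(self) -> str:
        return f"{self.src}->{self.dst}"


class NatInstance:
    """One 'ipfw nat N config [reverse] ... ip ALIAS' instance.

    A general instance rewrites the source address to ALIAS and keeps the
    destination; a reverse instance rewrites the destination address to
    ALIAS and keeps the source. The replaced address is remembered so the
    reply can be mapped back (real libalias keeps a per-flow table with ports).
    """

    def __init__(self, alias_ip: str, reverse: bool = False) -> None:
        self.alias_ip = alias_ip
        self.reverse = reverse
        self.sessions: dict[str, str] = {}  # alias address -> original address

    def outbound(self, pkt: Packet) -> Packet:
        if self.reverse:
            self.sessions[self.alias_ip] = pkt.dst
            return Packet(pkt.src, self.alias_ip)
        self.sessions[self.alias_ip] = pkt.src
        return Packet(self.alias_ip, pkt.dst)

    def inbound(self, pkt: Packet) -> Packet:
        if self.reverse:
            return Packet(self.sessions.get(pkt.src, pkt.src), pkt.dst)
        return Packet(pkt.src, self.sessions.get(pkt.dst, pkt.dst))


@dataclass(frozen=True)
class Rule:
    number: int
    nat: int   # nat instance number
    src: str   # host or CIDR, as in 'from ... to ...'
    dst: str


class Firewall:
    """Runs a packet through 'ipfw add N nat I all from S to D' rules in order.

    one_pass models net.inet.ip.fw.one_pass: True (the default) ends the rule
    search after the first nat action; False re-enters the list at the next
    rule with the packet already translated.
    """

    def __init__(self, instances: dict[int, NatInstance], rules: list[Rule],
                 one_pass: bool = True) -> None:
        self.instances = instances
        self.rules = sorted(rules, key=lambda r: r.number)
        self.one_pass = one_pass

    @staticmethod
    def _matches(rule: Rule, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(rule.src)
                and ip_address(pkt.dst) in ip_network(rule.dst))

    def process(self, pkt: Packet, direction: str) -> list[str]:
        """Return the packet before and after every nat rule that fired."""
        trace = [str(pkt)]
        for rule in self.rules:
            if not self._matches(rule, pkt):
                continue
            inst = self.instances[rule.nat]
            pkt = inst.outbound(pkt) if direction == "out" else inst.inbound(pkt)
            trace.append(f"rule {rule.number}: {pkt}")
            if self.one_pass:
                break
        return trace


def build_firewall(one_pass: bool) -> Firewall:
    """The rule set from the post, with instance 2 assumed to be the reverse one."""
    instances = {
        1: NatInstance("11.0.3.1"),                # ipfw nat 1 config ... ip 11.0.3.1
        2: NatInstance("11.0.4.2", reverse=True),  # assumed: ipfw nat 2 config reverse ... ip 11.0.4.2
    }
    rules = [
        Rule(1000, 1, "10.0.1.2", "10.0.1.1"),
        Rule(2000, 2, "11.0.3.1", "10.0.1.1"),
        Rule(3000, 2, "11.0.4.2", "11.0.3.1"),
        Rule(4000, 1, "10.0.1.1", "11.0.3.1"),
    ]
    return Firewall(instances, rules, one_pass)


def run_session(one_pass: bool) -> tuple[list[str], list[str]]:
    """Client 10.0.1.2 sends to 10.0.1.1; the far side 11.0.4.2 then replies."""
    fw = build_firewall(one_pass)
    out = fw.process(Packet("10.0.1.2", "10.0.1.1"), "out")
    back = fw.process(Packet("11.0.4.2", "11.0.3.1"), "in")
    return out, back


if __name__ == "__main__":
    for flag in (True, False):
        out, back = run_session(flag)
        print(f"one_pass={int(flag)}")
        print("  out :", " | ".join(out))
        print("  back:", " | ".join(back))
```

With one_pass=True the trace for the outgoing packet stops after rule 1000 at 11.0.3.1->10.0.1.1, which is exactly the partial translation reported above; with one_pass=False the same packet continues through rule 2000 and leaves as 11.0.3.1->11.0.4.2, and the reply is mapped back by rules 3000 and 4000 to 10.0.1.1->10.0.1.2. On a real box the equivalent check is `sysctl net.inet.ip.fw.one_pass` together with `ipfw -a list` to see which rules' counters actually increment.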