DNAT in freebsd

Sami Halabi sodynet1 at gmail.com
Sat Jun 29 06:50:15 UTC 2013 

I think I was misunderstood...
Here is the situation i want to handle:
My box is a router that handles several /24 behind.
One of my links (em0) is connected to a private network 192.168.0.1 is me,
my neighbour is 192.168.0.2.
I want to make that any connection comes to 192.168.0.1  to go to ip
193.xxx.yyy.2 using specific public ip 84.xx.yy.1
And packets comming to my public 84.xx.yy.1 ip to be trsnslated as came
from 192.168.0.1 and sent to 192.168.0.2/or ant other ips
behind(192.168.1.xx/24).

Hope that makes it clearer, and I appreciate any help.

Sami
בתאריך 29 ביונ 2013 03:30, מאת "Paul A. Procacci" <pprocacci at datapipe.com>:

> > Hi, (sorry for sending again, the last email was with wrong subject)
> > I would like to perform a full dnat/snat as in iptbles in:
> > linux-ip.net/html/nat-dnat.html
> > How it can be done in fbsd, I use ipfw.
> >
> > I seeked natd man page but its translation, and thr proxy_rule is for
> > specefic port, not a whole transparancy.
> >
>
> Using in-kernel nat is probably a better choice IMHO.
>
> read `man ipfw(8)`
>
> The section labeled EXAMPLES has exactly what you need.
> Here is a snippet from the manpage to get you started:
>
> -------------------------------
> <!--snip-->
>
> Then to configure nat instance 123 to alias all the outgoing traffic with
> ip 192.168.0.123, blocking all incoming connections, trying to keep same
> ports on both sides, clearing aliasing table on address change and keep-
> ing a log of traffic/link statistics:
>
>     ipfw nat 123 config ip 192.168.0.123 log deny_in reset same_ports
>
> <!--snip-->
>
>            ipfw nat 123 config redirect_addr 10.0.0.1 10.0.0.66
>                            redirect_port tcp 192.168.0.1:80 500
>                            redirect_proto udp 192.168.1.43 192.168.1.1
>                            redirect_addr 192.168.0.10,192.168.0.11
>                                    10.0.0.100 # LSNAT
>                            redirect_port tcp 192.168.0.1:80,
> 192.168.0.10:22
>                                    500        # LSNAT
>
> <!--snip-->
> -------------------------------
>
>
> ~Paul
>
> ________________________________
>
> This message may contain confidential or privileged information. If you
> are not the intended recipient, please advise us immediately and delete
> this message. See http://www.datapipe.com/legal/email_disclaimer/ for
> further information on confidentiality and the risks of non-secure
> electronic communication. If you cannot access these links, please notify
> us by reply message and we will send the contents to you.
>

More information about the freebsd-net mailing list