gateway machine port redirect question

Warren Block wblock at wonkity.com
Sun Feb 21 03:49:10 UTC 2016


On Sat, 20 Feb 2016, Valeri Galtsev wrote:

> Dear Experts,
>
> I'm one of the Linux refugees who several years ago migrated the majority of
> servers from Linux to FreeBSD and have been happy since. When I recently needed
> to set up a gateway (firewall + NAT) machine, I set up FreeBSD 10.2 on it,
> used ipfw and natd, and all works well; machines behind the gateway on the LAN
> can happily reach the real network. I hit one snag later, though: when I tried
> to redirect TCP traffic on some port to a machine on the internal private
> network behind the gateway, whatever I do doesn't work.
>
> Could somebody point to a simple example (it doesn't matter which components
> are involved, I don't feel married to ipfw and natd) for FreeBSD 10.2 that
> makes the machine a gateway, and one of the ports of traffic coming from the
> public network is redirected to a machine on the private network behind the
> gateway? Something I can reproduce that works, which I will then gradually
> convert into what I need. The other way around, adding redirection to the
> already working (and a bit sophisticated) gateway I set up, appears to be
> beyond my mental abilities: a couple of weeks of frustration confirm it to me.

I haven't used IPFW in many years, but it can do it.  For pf, this works:

ext_if="em0"
internal_net="192.168.1.0/24"
external_addr="a.b.c.d"
webserver="192.168.1.240"
...
nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to $external_addr port 80 -> $webserver
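
Added example, not part of the original message: the two translation rules above placed in a complete default-deny pf.conf for FreeBSD 10.x, showing where they sit relative to the filter rules and which pass rule the redirect needs. The LAN interface name (em1), the 203.0.113.10 address standing in for a.b.c.d, and the filter policy are assumptions.

```conf
# /etc/pf.conf (constructed example)
# Assumes /etc/rc.conf already contains:
#   gateway_enable="YES"    # turns on IP forwarding between interfaces
#   pf_enable="YES"

# --- macros ---
ext_if        = "em0"               # public-facing interface (from the message)
int_if        = "em1"               # LAN-facing interface (assumed name)
internal_net  = "192.168.1.0/24"
external_addr = "203.0.113.10"      # constructed placeholder for a.b.c.d
webserver     = "192.168.1.240"

# --- options and normalization ---
set skip on lo0
scrub in all

# --- translation ---
# In this pf syntax, nat and rdr rules must appear before any filter rule.
nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to $external_addr port 80 -> $webserver port 80

# --- filtering ---
# Default deny on input, with logging so dropped packets show up on pflog0.
block in log all

# Outbound traffic from the gateway and forwarded traffic leaving either
# interface; state is kept so replies are matched automatically.
pass out all keep state

# LAN clients may open connections through the gateway.
pass in on $int_if from $internal_net to any keep state

# rdr rewrites the destination before the filter rules run, so this rule
# must match the internal server address, not $external_addr. Without it,
# the redirected packets are translated and then dropped by "block in".
pass in on $ext_if proto tcp from any to $webserver port 80 flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it; after loading, `pfctl -sn` lists the active nat/rdr rules and `pfctl -sr` the filter rules, which is the quickest way to see whether a redirect is being translated but then blocked.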

