ipnat port-range

Odhiambo ワシントン odhiambo at gmail.com
Thu May 14 14:32:54 UTC 2009


2009/5/14 alexus <alexus at gmail.com>

> 2009/5/14 Odhiambo  ワシントン <odhiambo at gmail.com>:
> >
> >
> > On Wed, May 13, 2009 at 9:09 PM, alexus <alexus at gmail.com> wrote:
> >>
> >> On Wed, May 13, 2009 at 12:58 PM, alexus <alexus at gmail.com> wrote:
> >> > I need to redirect a bunch of ports, or a port-range, from outside to my jail
> >> >
> >> > # /etc/rc.d/ipnat reload
> >> > /etc/rc.d/ipnat: DEBUG: checkyesno: ipnat_enable is set to YES.
> >> > /etc/rc.d/ipnat: DEBUG: run_rc_command: doit: /sbin/ipnat -F -C -f
> >> > /etc/ipnat.rules
> >> > 0 entries flushed from NAT table
> >> > 2 entries flushed from NAT list
> >> > syntax error error at "port-range", line 8
> >> > # grep port-range /etc/ipnat.rules
> >> > rdr bce0 0/0 port-range 49152:65534 -> lama port-range 49152:65534 tcp
> >> > #
> >> >
> >> >
> >> >
> >> > --
> >> > http://alexus.org/
> >> >
> >>
> >> that rule is wrong to begin with as rdr doesn't work with ranges, I
> >> guess I need to use something else..
> >>
> >> anyone done something like that? use ipnat to map a range of ports? this
> >> is for ftp PASV
> >
> >
> > Looks like it's time to convert your rules into PF then start using PF.
> >
> >
> > --
> > Best regards,
> > Odhiambo WASHINGTON,
> > Nairobi,KE
> > +254733744121/+254722743223
> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> > "Clothes make the man.  Naked people have little or no influence on
> > society."
> >               -- Mark Twain
> >
>
> I'm pretty sure people have asked that in the past
>
> but I guess, what are the pros and cons of one vs. another? We have 3 candidates
>
> ipfw - FreeBSD
> ipf
> pf - OpenBSD
>
> and why not all of 'em at once? :) A bit of a hassle to maintain, but it
> seems like ipf can't do what I need, yet pf can.
> With ipfw I can limit traffic; I don't know if ipf or pf can .. it seems like
> they all have something that the other can't
>

They can co-exist when you know what you are doing, yes:)
AFAIK, PF should have all that IPFW can do.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Clothes make the man.  Naked people have little or no influence on
society."
              -- Mark Twain

