IPFW Firewall NAT inbound port-redirect

Bill Tillman btillman99 at yahoo.com
Tue Jul 12 12:19:27 UTC 2011






________________________________
From: Dan Nelson <dnelson at allantgroup.com>
To: Michael Sierchio <kudzu at tenebras.com>
Cc: freebsd-questions at freebsd.org
Sent: Mon, July 11, 2011 1:07:31 PM
Subject: Re: IPFW Firewall NAT inbound port-redirect

In the last episode (Jul 11), Michael Sierchio said:
> Sorry for the naive question, but most of my old rulesets still use
> natd, and I've only used built-in nat for outbound traffic.  I'd like
> to redirect certain ports on certain addresses to the same ports on
> internal (RFC1918) addresses.  The examples in the man page aren't
> helpful, and the handbook still seems very natd-centric in its
> examples.  Thanks in advance.

I use this at the top of my /etc/ipfw.conf file (re0.2 is the interface
corresponding to my internet connection) :

nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 22 
add nat 123 ip from any to any via re0.2

This redirects incoming port 22 connections to 10.0.0.3.  If you want to
redirect more ports, add more "redirect_port tcp host:port port" expressions
to the end of your nat line.  I believe you can run the nat config command
manually with a new list (as in "ipfw nat 123 ...") to add/remove entries
dynamically.  I'm not at home to try it, and don't want to risk losing my
remote connection if I mess up :)

-- 
    Dan Nelson
    dnelson at allantgroup.com
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"



I have used IPFW for many years now. As for forwarding traffic from your gateway 
to internal machines I've always used the following in my /etc/natd.conf file:

dynamic
redirect_port tcp 10.0.0.254:80 80 # Apache Webserver inside my LAN
redirect_port udp 10.0.0.214:1194 1194 # OpenVPN Port
redirect_port tcp 10.0.0.213:443 443   # OpenVPN Port

Of course you will need a line like this in your /etc/rc.conf to get natd to 
read this file:

natd_flags="-f /etc/natd.conf"
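As an added example (not from either poster), a small POSIX sh script that turns natd.conf-style redirect_port lines like Bill's into the single in-kernel ipfw nat config line Dan describes, and first checks that every redirect target is an RFC1918 address so a typo cannot forward a public port to the wrong host. The interface re0.2, instance 123 and the sample redirect lines are taken from the thread; the script only prints the resulting ipfw commands, it does not load them.

```shell
#!/bin/sh
# Added example: translate natd.conf redirect_port entries into one
# in-kernel "ipfw nat config" line.  Interface and instance number
# mirror Dan's post; the natd.conf fragment below is Bill's, embedded
# here as constructed sample input.
NAT_IF="re0.2"
NAT_ID="123"

NATD_CONF='dynamic
redirect_port tcp 10.0.0.254:80 80 # Apache Webserver inside my LAN
redirect_port udp 10.0.0.214:1194 1194 # OpenVPN Port
redirect_port tcp 10.0.0.213:443 443   # OpenVPN Port'

# Return 0 when every redirect_port target host is an RFC1918 address
# (10/8, 172.16/12, 192.168/16), 1 otherwise.  Comments are stripped first.
targets_are_private() {
    printf '%s\n' "$1" | sed 's/#.*$//' | awk '
        $1 == "redirect_port" {
            split($3, hp, ":"); split(hp[1], o, ".")
            priv = (o[1] == 10) || (o[1] == 192 && o[2] == 168) || \
                   (o[1] == 172 && o[2] >= 16 && o[2] <= 31)
            if (!priv) bad++
        }
        END { exit bad ? 1 : 0 }'
}

# Print the "nat <id> config ..." line: Dan'\''s base options followed by one
# "redirect_port proto host:port port" expression per natd redirect line.
# Only tcp/udp redirect_port lines with exactly four fields are accepted.
build_nat_config() {
    redirects=$(printf '%s\n' "$1" | sed 's/#.*$//' | awk '
        $1 == "redirect_port" && ($2 == "tcp" || $2 == "udp") && NF == 4 {
            printf " redirect_port %s %s %s", $2, $3, $4
        }')
    printf 'nat %s config if %s log same_ports%s\n' "$NAT_ID" "$NAT_IF" "$redirects"
}

# Emit the two lines for /etc/ipfw.conf, but refuse if a target is not private.
if targets_are_private "$NATD_CONF"; then
    build_nat_config "$NATD_CONF"
    printf 'add nat %s ip from any to any via %s\n' "$NAT_ID" "$NAT_IF"
else
    echo "refusing: a redirect_port target is not an RFC1918 address" >&2
fi
```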

