IPFW Firewall NAT inbound port-redirect
Michael Sierchio
kudzu at tenebras.com
Tue Jul 12 15:43:09 UTC 2011
Is there a way of specifying a particular public address if there is
more than one bound to the external interface? À la

nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 102.10.22.1:2222

?
On Tue, Jul 12, 2011 at 5:19 AM, Bill Tillman <btillman99 at yahoo.com> wrote:
>
> From: Dan Nelson <dnelson at allantgroup.com>
> To: Michael Sierchio <kudzu at tenebras.com>
> Cc: freebsd-questions at freebsd.org
> Sent: Mon, July 11, 2011 1:07:31 PM
> Subject: Re: IPFW Firewall NAT inbound port-redirect
>
> In the last episode (Jul 11), Michael Sierchio said:
>> Sorry for the naive question, but most of my old rulesets still use
>> natd, and I've only used built-in nat for outbound traffic. I'd like
>> to redirect certain ports on certain addresses to the same ports on
>> internal (RFC1918) addresses. The examples in the man page aren't
>> helpful, and the handbook still seems very natd-centric in its
>> examples. Thanks in advance.
>
> I use this at the top of my /etc/ipfw.conf file (re0.2 is the interface
> corresponding to my internet connection):
>
> nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 22
> add nat 123 ip from any to any via re0.2
>
> This redirects incoming port 22 connections to 10.0.0.3. If you want to
> redirect more ports, add more "redirect_port tcp host:port port" expressions
> to the end of your nat line. I believe you can run the nat config command
> manually with a new list (as in "ipfw nat 123 ...") to add/remove entries
> dynamically. I'm not at home to try it, and don't want to risk losing my
> remote connection if I mess up :)
>
> --
> Dan Nelson
> dnelson at allantgroup.com
>
>
> I have used IPFW for many years now. As for forwarding traffic from your
> gateway to internal machines I've always used the following in my
> /etc/natd.conf file:
>
> dynamic
> redirect_port tcp 10.0.0.254:80 80 # Apache Webserver inside my LAN
> redirect_port udp 10.0.0.214:1194 1194 # OpenVPN Port
> redirect_port tcp 10.0.0.213:443 443 # OpenVPN Port
>
> Of course you will need a line like this in your /etc/rc.conf to get natd to
> read this file:
>
> natd_flags="-f /etc/natd.conf"
>
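Dan's ipfw nat line and the entries in Bill's natd.conf use the same "proto target:port public_port" redirect_port syntax. As an added example (not code from the thread), a small POSIX sh helper that assembles the two lines for the top of /etc/ipfw.conf from such entries and refuses malformed entries or redirect targets outside RFC 1918 space; the NAT instance number 123 and interface re0.2 come from Dan's post, and the function names are hypothetical.

```shell
#!/bin/sh
# Hypothetical helper: builds an ipfw in-kernel NAT configuration from
# "proto target_ip:target_port public_port" entries and sanity-checks
# each one before it is emitted. Not part of ipfw or FreeBSD.

# is_rfc1918 ADDR -> 0 if ADDR is in 10/8, 172.16/12 or 192.168/16
is_rfc1918() {
    case "$1" in
        10.*) return 0 ;;
        192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# build_nat_config NAT_ID IFACE ENTRY...
#   ENTRY: "proto target_ip:target_port public_port"
# Prints the "nat N config ..." line followed by the "add nat N ..."
# rule; prints nothing and returns 1 if any entry is malformed or
# points at a non-RFC1918 target.
build_nat_config() {
    nat_id=$1; iface=$2; shift 2
    line="nat $nat_id config if $iface log same_ports"
    for entry in "$@"; do
        set -- $entry                       # split the entry on whitespace
        [ $# -eq 3 ] || return 1
        proto=$1; target=$2; pubport=$3
        case "$proto" in tcp|udp) ;; *) return 1 ;; esac
        case "$target" in *:*) ;; *) return 1 ;; esac
        case "${target#*:}" in ''|*[!0-9]*) return 1 ;; esac   # target port
        case "$pubport" in ''|*[!0-9]*) return 1 ;; esac       # public port
        is_rfc1918 "${target%%:*}" || return 1
        line="$line redirect_port $proto $target $pubport"
    done
    printf '%s\n' "$line"
    printf 'add nat %s ip from any to any via %s\n' "$nat_id" "$iface"
}
```

Running `build_nat_config 123 re0.2 'tcp 10.0.0.3:22 22'` reproduces Dan's two lines; passing Bill's three natd entries appends three redirect_port expressions to the same nat line.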