IPFW Firewall NAT inbound port-redirect

Dan Nelson dnelson at allantgroup.com
Tue Jul 12 23:05:28 UTC 2011


In the last episode (Jul 12), Michael Sierchio said:
> On Tue, Jul 12, 2011 at 9:03 AM, Dan Nelson <dnelson at allantgroup.com> wrote:
> > In the last episode (Jul 12), Michael Sierchio said:
> >> Is there a way of specifying a particular public address if there is
> >> more than one bound to the external interface?  A la
> >>
> >> nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 102.10.22.1:2222
> >
> > Yes; the redirect_port syntax is described in the natd manpage:
> >
> >     redirect_port proto targetIP:targetPORT[-targetPORT]
> >                 [aliasIP:]aliasPORT[-aliasPORT]
> >                 [remoteIP[:remotePORT[-remotePORT]]]
> >
>
> We're not talking about natd.  The question was about the use of
> ipfirewall nat.

Right, but ipfw nat is basically the userland libalias library loaded as a
kernel module, so the config parameters are the same.

$ grep MODULE_DEPEND /sys/netinet/ipfw/ip_fw_nat.c
MODULE_DEPEND(ipfw_nat, libalias, 1, 1, 1);
MODULE_DEPEND(ipfw_nat, ipfw, 2, 2, 2);

Also, man ipfw:


NETWORK ADDRESS TRANSLATION (NAT)
     ipfw support in-kernel NAT using the kernel version of libalias(3).
[..]
   REDIRECT AND LSNAT SUPPORT IN IPFW
     Redirect and LSNAT support follow closely the syntax used in natd(8).
     See Section EXAMPLES for some examples on how to do redirect and lsnat.


-- 
	Dan Nelson
	dnelson at allantgroup.com
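
Added example, not part of the original message and not code from ipfw or natd: a Python parser for the single-target redirect_port form quoted above, used to audit an "ipfw nat ... config" line. The names audit_redirects and port_range are hypothetical; it assumes IPv4 only and does not handle LSNAT target lists.

```python
import re

# Grammar as quoted from natd(8) in the message above (single-target form):
#   redirect_port proto targetIP:targetPORT[-targetPORT]
#                 [aliasIP:]aliasPORT[-aliasPORT]
#                 [remoteIP[:remotePORT[-remotePORT]]]
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
PORTS = r"\d+(?:-\d+)?"
SPEC = re.compile(
    rf"redirect_port\s+(?P<proto>\w+)\s+"
    rf"(?P<target_ip>{IP}):(?P<target_ports>{PORTS})\s+"
    rf"(?:(?P<alias_ip>{IP}):)?(?P<alias_ports>{PORTS})"
    rf"(?:\s+(?P<remote_ip>{IP})(?::(?P<remote_ports>{PORTS}))?)?(?=\s|$)"
)

def port_range(text):
    """Turn '22' or '8000-8009' into an inclusive (low, high) tuple."""
    lo, _, hi = text.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text}")
    return lo, hi

def audit_redirects(config_line):
    """Return one dict per redirect_port spec found in an ipfw nat config line."""
    results = []
    for m in SPEC.finditer(config_line):
        t_lo, t_hi = port_range(m["target_ports"])
        a_lo, a_hi = port_range(m["alias_ports"])
        notes = []
        if t_hi - t_lo != a_hi - a_lo:
            notes.append("target and alias port ranges differ in size")
        if m["alias_ip"] is None:
            notes.append("no aliasIP: the instance's default alias address is used")
        if m["remote_ip"] is None:
            notes.append("no remoteIP: the redirect itself matches any source address")
        results.append({**m.groupdict(), "notes": notes})
    return results

if __name__ == "__main__":
    # First line is the one asked about in the thread; the second is constructed.
    for line in (
        "nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 102.10.22.1:2222",
        "nat 1 config if em0 redirect_port tcp 192.0.2.10:8000-8009 9000-9004 198.51.100.7",
    ):
        for spec in audit_redirects(line):
            print(spec)
```

For the line from the thread, the parser reports 102.10.22.1 as the pinned alias address and flags only the missing remoteIP.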

