Simple NAT

Maxim Filimonov che at bein.link
Mon Jan 26 21:24:37 UTC 2015


On Monday 26 January 2015 21:36:58 Polytropon wrote:
> On Mon, 26 Jan 2015 16:45:16 +0100, Luciano Mannucci wrote:
> > I have a freebsd machine (FreeBSD troika 10.1-RELEASE FreeBSD 10.1-RELEASE
> > #0 r274401) with openvpn that works like a charm :-)...
> > I wish to nat one and only one of my openvpn clients, possibly for a
> > single destination. What's the better way to avoid disturbing the rest
> > of the operations?
> > Any clues?
> > Is IPFW my friend?
> 
> Yes, that should work. In /etc/rc.conf, set
> 
> 	natd_enable="YES"
> 	natd_interface="xl0"
> 

Why use natd, when ipfw can do kernel NAT?
Just do the following:
ipfw nat 1 config if <outer_iface> log reset same_ports
ipfw add 00011 nat 1 ip from <inner_network>/<mask> to any out xmit <outer_iface>
ipfw add 00012 nat 1 ip from any to <outer_ip> in recv <outer_iface>

And replace <inner_network>, <mask>, <outer_ip>, <outer_iface> with the 
appropriate values.
-- 
wbr, Maxim Filimonov
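
Added example, not part of the original message: the kernel-NAT rules above narrowed to the case the original question asks about, one OpenVPN client and one destination, so no other traffic is translated. The function names, the sample addresses (10.8.0.6, 203.0.113.10, 192.0.2.1) and the assumption that the client has a fixed tunnel address are constructed for illustration; the script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: emit ipfw kernel-NAT rules scoped to one VPN client and
# one destination. All addresses used here are constructed sample values.

# is_ipv4 ADDR: succeed only for a plain dotted quad (no mask, no keyword).
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # reject leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_rules CLIENT_IP DEST_IP OUTER_IFACE OUTER_IP
# Prints the three ipfw commands; refuses networks, "any" and odd names,
# so a typo cannot silently widen the NAT scope.
nat_rules() {
    for addr in "$1" "$2" "$4"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    case "$3" in
        *[!A-Za-z0-9_]*|'') echo "bad interface: $3" >&2; return 1 ;;
    esac
    # Same NAT instance options as in the message above.
    echo "ipfw nat 1 config if $3 log reset same_ports"
    # Outbound: only this client, only towards this destination.
    echo "ipfw add 00011 nat 1 ip from $1 to $2 out xmit $3"
    # Inbound: only replies from that destination to the outer address.
    echo "ipfw add 00012 nat 1 ip from $2 to $4 in recv $3"
}

# Dry run with constructed values; xl0 is the interface named in the thread.
nat_rules 10.8.0.6 203.0.113.10 xl0 192.0.2.1
```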