I have some questions about natd and firewall....^_^|||
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Wed May 31 07:50:27 PDT 2006

董佑龍 <ss650120 at ms10.hinet.net> writes:
> Hello:
>     My English is not good. I am sorry about this first.   ~_~
You made yourself clear.  Better than "good enough."
>     My system:  FreeBSD + IPFW + NAT
>
>     Question 1:  about NAT (in FreeBSD)
>                 I built a "natd.conf" and its contents are below:
>                     redirect_address 192.168.0.1 140.115.10.22
>
>                 I have 2 computers in the LAN: 192.168.0.200 and 
> 192.168.0.201.
>                 The redirect rule (above) will affect any connection whose 
> destination is 140.115.10.22.
>                 But, I don't want this rule to redirect the packets sent 
> from 192.168.0.200 (i.e., this rule will affect all nodes inside the LAN but 
> 192.168.0.200). Can I make it?
Yes.  What you do is make sure that packets from that address don't
get sent to the divert socket in your ipfw ruleset.  For example, you
could use a "skipto" rule before the divert rule.
>     Question 2: about Firewall (in FreeBSD)
>                 Is there any argument in IPFW, just like the function of the 
> "redirect_address" in NAT, that can be used? If there is, I think it may solve 
> the above problem.
Not exactly.  You can use a "fwd" rule, but the destination IP address
won't be changed.  The machine you forward to won't accept the packets
because its address isn't 140.115.10.22.
-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
		http://be-well.ilk.org/~lowell/
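
The "skipto before the divert rule" approach from the reply above, written out as an added example (not part of the original message and not FreeBSD's own rc.firewall). The interface name em0, the rule numbers and the helper names are assumptions; the addresses are the ones quoted in the question.

```shell
#!/bin/sh
# Added example: keep one LAN host's packets away from natd's divert socket.
# Assumptions: natd is bound to em0 and listens on the standard "natd"
# divert port; rule numbers 400/500/600 are free in the local ruleset.
natd_if="${natd_if:-em0}"       # assumed interface natd is bound to
exempt_host="192.168.0.200"     # host that must not be redirected
redirect_pub="140.115.10.22"    # public address in redirect_address
fwcmd="${fwcmd:-echo ipfw}"     # dry run by default; fwcmd=/sbin/ipfw applies

emit_rules() {
    # 1. Packets from the exempt host to the redirected address jump over
    #    the divert rule, so natd never sees them and cannot rewrite them.
    ${fwcmd} add 400 skipto 600 ip from "${exempt_host}" to "${redirect_pub}"
    # 2. All other traffic crossing the NAT interface still goes to natd.
    ${fwcmd} add 500 divert natd ip from any to any via "${natd_if}"
    # 3. Landing point for the skipto. "count" changes nothing; it only
    #    keeps a counter showing how often the bypass was taken.
    ${fwcmd} add 600 count ip from "${exempt_host}" to "${redirect_pub}"
    # The site's normal filtering rules continue from here.
}

# Guard against the ordering mistake that silently defeats the exemption:
# the skipto must be numbered below the divert and must land above it.
check_order() {
    ( fwcmd="echo ipfw"; emit_rules ) | awk '
        $4 == "skipto" { skip = $3 + 0; target = $5 + 0 }
        $4 == "divert" { div = $3 + 0 }
        END { exit !(skip < div && target > div) }'
}

if check_order; then
    emit_rules
else
    echo "rule order would not bypass the divert rule" >&2
fi
```

Once applied with fwcmd=/sbin/ipfw, `ipfw show 400 600` lists the packet counters for the skipto rule and its landing point.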
    
    