IPFW Firewall NAT inbound port-redirect

Dan Nelson dnelson at allantgroup.com
Tue Jul 12 23:05:28 UTC 2011

In the last episode (Jul 12), Michael Sierchio said:
> On Tue, Jul 12, 2011 at 9:03 AM, Dan Nelson <dnelson at allantgroup.com> wrote:
> > In the last episode (Jul 12), Michael Sierchio said:
> >> Is there a way of specifying a particular public address if there is
> >> more than one bound to the external interface?  A la
> >>
> >> nat 123 config if re0.2 log same_ports redirect_port tcp
> >
> > Yes; the redirect_port syntax is described in the natd manpage:
> >
> >     redirect_port proto targetIP:targetPORT[-targetPORT]
> >                 [aliasIP:]aliasPORT[-aliasPORT]
> >                 [remoteIP[:remotePORT[-remotePORT]]]
> >
> We're not talking about natd.  The question was about the use of
> ipfirewall nat.

Right, but ipfw nat is basically the userland libalias library loaded as a
kernel module, so the config parameters are the same.

$ grep MODULE_DEPEND /sys/netinet/ipfw/ip_fw_nat.c
MODULE_DEPEND(ipfw_nat, libalias, 1, 1, 1);
MODULE_DEPEND(ipfw_nat, ipfw, 2, 2, 2);

Also, man ipfw:

     ipfw support in-kernel NAT using the kernel version of libalias(3).
     Redirect and LSNAT support follow closely the syntax used in natd(8).
     See Section EXAMPLES for some examples on how to do redirect and lsnat.

	Dan Nelson
	dnelson at allantgroup.com
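
Added example, not part of the original message or of FreeBSD: a small sh helper that splits redirect_port arguments according to the syntax quoted above and lists redirects in an ipfw nat config line that carry no explicit aliasIP. The addresses and the sample config line are constructed for illustration; only tcp and udp are accepted as proto, and addresses are assumed to be IPv4.

```shell
#!/bin/sh
# Syntax from the thread:
#   redirect_port proto targetIP:targetPORT[-targetPORT]
#                 [aliasIP:]aliasPORT[-aliasPORT]
#                 [remoteIP[:remotePORT[-remotePORT]]]

# Print the aliasIP of one redirect_port spec, or "any" when the alias
# field is a bare port. Returns 1 if the spec does not fit the syntax.
redirect_alias_ip() {
    # $1=proto  $2=target  $3=alias  $4=remote (optional, not inspected)
    [ $# -ge 3 ] && [ $# -le 4 ] || return 1
    case "$1" in tcp|udp) ;; *) return 1 ;; esac   # assumption: tcp/udp only
    case "$2" in *:*) ;; *) return 1 ;; esac       # target must be IP:port
    case "$3" in
        *:*) printf '%s\n' "${3%%:*}" ;;           # aliasIP:aliasPORT
        *)   printf 'any\n' ;;                     # aliasPORT only
    esac
}

# Read "ipfw nat N config ..." lines on stdin and print every redirect_port
# entry (proto target alias) that has no explicit aliasIP.
unpinned_redirects() (
    set -f                                         # no globbing on split
    while read -r line; do
        set -- $line                               # split into words
        while [ $# -gt 0 ]; do
            if [ "$1" = redirect_port ] && [ $# -ge 4 ]; then
                ip=$(redirect_alias_ip "$2" "$3" "$4") || { shift; continue; }
                if [ "$ip" = any ]; then
                    printf '%s %s %s\n' "$2" "$3" "$4"
                fi
                shift 3
            fi
            shift
        done
    done
)

# Constructed sample: nat instance and interface names follow the thread,
# the addresses are documentation/private ranges.
sample_config() {
    cat <<'EOF'
ipfw nat 123 config if re0.2 log same_ports redirect_port tcp 192.168.1.10:80 203.0.113.5:80 redirect_port udp 192.168.1.11:53 53
EOF
}

sample_config | unpinned_redirects
```

The first redirect in the sample names 203.0.113.5 as its aliasIP, which is the form that answers the original question; the second gives only an alias port and is the one reported.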
