How about firewall_nat_rules?
KIRIYAMA Kazuhiko
kiri at pis.elm.toba-cmt.ac.jp
Sat May 11 00:30:25 UTC 2013
Hi stable list,
Now ipfw_nat's rules must be written directly in firewall_nat_flags. This is
messy when describing many rules. With firewall_nat_rules this would be handled more smartly.
To enable firewall_nat_rules, apply the following patch to /etc/rc.firewall
--- /etc/rc.firewall.org 2013-05-11 08:23:13.000000000 +0900
+++ /etc/rc.firewall 2013-05-11 08:29:11.000000000 +0900
@@ -162,6 +162,9 @@
case ${firewall_nat_enable} in
[Yy][Ee][Ss])
if [ -n "${firewall_nat_interface}" ]; then
+ if [ -r "${firewall_nat_rules}" ]; then
+ firewall_nat_flags="${firewall_nat_flags} `cat ${firewall_nat_rules}`"
+ fi
if echo "${firewall_nat_interface}" | \
grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}"
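Review bot: the new "if [ -r "${firewall_nat_rules}" ]" test silently ignores a firewall_nat_rules value that is set but unreadable (mistyped path, wrong permissions), so NAT comes up with only firewall_nat_flags and none of the redirects; add an else branch that warns when the variable is non-empty but the file cannot be read. The unquoted `cat ${firewall_nat_rules}` also word-splits the whole file into ipfw arguments, so a "#" comment line in the rules file is handed to ipfw as arguments rather than stripped; either document that the file may hold arguments only or filter comments and blank lines before appending. The diff touches only rc.firewall: the new knob also needs a default (firewall_nat_rules="") in /etc/defaults/rc.conf and an rc.conf(5) entry next to firewall_nat_flags so the variable is documented and always defined.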
and then put in /etc/rc.conf
firewall_enable="YES"
firewall_type="OPEN"
firewall_nat_enable="YES"
firewall_nat_interface="X.X.X.X"
firewall_nat_flags="deny_in reset same_ports unreg_only"
firewall_nat_rules="/etc/ipfw_nat.rules"
where X.X.X.X is the outgoing global address and firewall_nat_rules specifies
the file in which ipfw_nat's rules are described, actually the ipfw arguments
following "${fwcmd} nat 123 config log", for example
redirect_port tcp 192.168.1.7:2401 2401
redirect_port tcp 192.168.1.5:80 80
redirect_port tcp 192.168.1.1:22 22069
redirect_port tcp 192.168.1.2:22 22053
redirect_port tcp 192.168.1.3:22 22025
redirect_port tcp 192.168.1.4:22 22080
redirect_port tcp 192.168.1.5:22 22021
redirect_port tcp 192.168.1.6:22 22067
redirect_port tcp 192.168.1.7:22 22401
redirect_port tcp 192.168.1.8:22 22081
redirect_port tcp 192.168.1.32:9100 63189
redirect_port tcp 192.168.1.252:9100 23089
redirect_port tcp 192.168.1.254:22 22
Regards
---
kiri at openedu.org
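As an added example (not part of the original post or of FreeBSD's rc.firewall), the following POSIX sh reads a rules file in the format shown above and assembles the "ipfw nat 123 config" argument string the same way the patch does, but reports an unreadable file instead of ignoring it and strips comments and blank lines so they never reach ipfw. The sample rules file and the 203.0.113.1 address are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: safer equivalent of `cat ${firewall_nat_rules}` from the patch.

# read_nat_rules FILE -> prints the file's ipfw_nat arguments as one line,
# with "#" comments and blank lines removed. Returns 1 if FILE is unreadable.
read_nat_rules() {
    _file=$1
    if [ ! -r "$_file" ]; then
        echo "firewall_nat_rules: cannot read $_file" >&2
        return 1
    fi
    # drop comments, join all lines, squeeze whitespace, trim the ends
    sed -e 's/#.*$//' "$_file" | tr -s '[:space:]' ' ' \
        | sed -e 's/^ //' -e 's/ $//'
}

# Constructed sample rules file in the format the post describes.
_rules=$(mktemp) || exit 1
cat > "$_rules" <<'EOF'
# web and cvs servers
redirect_port tcp 192.168.1.5:80 80
redirect_port tcp 192.168.1.7:2401 2401   # cvs

redirect_port tcp 192.168.1.254:22 22
EOF

# Same assembly order as rc.firewall: flags, then rules, then "ip <addr>" first.
firewall_nat_flags="deny_in reset same_ports unreg_only"
firewall_nat_interface="203.0.113.1"   # constructed placeholder address
if nat_rules=$(read_nat_rules "$_rules"); then
    firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags} ${nat_rules}"
fi
echo "nat 123 config log ${firewall_nat_flags}"
rm -f "$_rules"
```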