How about firewall_nat_rules?

KIRIYAMA Kazuhiko kiri at pis.elm.toba-cmt.ac.jp
Sat May 11 00:30:25 UTC 2013


Hi stable list,

Now ipfw_nat's rules must be written directly in firewall_nat_flags. This is
messy for describing many rules. firewall_nat_rules would handle this more smartly.
To enable firewall_nat_rules, apply the following patch to /etc/rc.firewall

--- /etc/rc.firewall.org	2013-05-11 08:23:13.000000000 +0900
+++ /etc/rc.firewall	2013-05-11 08:29:11.000000000 +0900
@@ -162,6 +162,9 @@
 	case ${firewall_nat_enable} in
 	[Yy][Ee][Ss])
 		if [ -n "${firewall_nat_interface}" ]; then
+			if [ -r "${firewall_nat_rules}" ]; then
+				firewall_nat_flags="${firewall_nat_flags} `cat ${firewall_nat_rules}`"
+			fi
 			if echo "${firewall_nat_interface}" | \
 				grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
 				firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}"
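Review bot: the rules file is spliced into firewall_nat_flags through an unquoted `cat ${firewall_nat_rules}`, and since the post says those flags end up as the arguments after `${fwcmd} nat 123 config log`, every token in the file is word-split straight into the ipfw argument list, so a `#` comment line or a stray glob character in /etc/ipfw_nat.rules would be passed to ipfw and break the NAT configuration. Suggest quoting the path and stripping comments before splicing, e.g. `firewall_nat_flags="${firewall_nat_flags} $(sed -e 's/#.*//' "${firewall_nat_rules}")"`. The hunk also adds a new rc.conf knob with no default and no documentation; it should get an entry next to firewall_nat_flags in /etc/defaults/rc.conf and rc.conf(5).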


and then put in /etc/rc.conf

firewall_enable="YES"
firewall_type="OPEN"
firewall_nat_enable="YES"
firewall_nat_interface="X.X.X.X"
firewall_nat_flags="deny_in reset same_ports unreg_only"
firewall_nat_rules="/etc/ipfw_nat.rules"

where X.X.X.X is the outgoing global address and firewall_nat_rules specifies
the file that describes ipfw_nat's rules, actually the ipfw arguments
following "${fwcmd} nat 123 config log", for example

redirect_port tcp	192.168.1.7:2401        2401
redirect_port tcp	192.168.1.5:80		80
redirect_port tcp	192.168.1.1:22		22069
redirect_port tcp	192.168.1.2:22		22053
redirect_port tcp	192.168.1.3:22		22025
redirect_port tcp	192.168.1.4:22		22080
redirect_port tcp	192.168.1.5:22		22021
redirect_port tcp	192.168.1.6:22		22067
redirect_port tcp	192.168.1.7:22		22401
redirect_port tcp	192.168.1.8:22		22081
redirect_port tcp	192.168.1.32:9100	63189
redirect_port tcp	192.168.1.252:9100	23089
redirect_port tcp	192.168.1.254:22	22

Regards
---
kiri at openedu.org
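An added example of the rules-file mechanism described above; it is not code from this post or from FreeBSD's rc.firewall. It reads a rules file in the format shown, drops comment and blank lines so they cannot become stray ipfw arguments, and builds the single `nat 123 config` command line. The sample rules file and the 203.0.113.1 address are constructed, and the `if <name>` form for a non-numeric interface is assumed.

```shell
#!/bin/sh
# Added example, not code from the original post or from FreeBSD's
# rc.firewall. Builds the `ipfw nat 123 config` line from a rules file
# like /etc/ipfw_nat.rules, skipping comments and blank lines.

# Turn a rules file into one space-separated argument string.
# A bare `cat` would hand '#' comment lines to ipfw as arguments; this
# strips them first. Tabs or spaces between fields are both accepted.
nat_rules_args() {
    [ -r "$1" ] || return 1
    awk '{ sub(/#.*/, "") }                       # drop comments
         NF { for (i = 1; i <= NF; i++) printf "%s%s", (n++ ? " " : ""), $i }
         END { print "" }' "$1"
}

# Assemble the full command. The "ip <addr>" form mirrors the rc.firewall
# interface check quoted in the patch; "if <name>" for a non-numeric
# interface is an assumption of this example.
build_nat_command() {
    fwcmd=$1; iface=$2; flags=$3; rules_file=$4
    rules=$(nat_rules_args "$rules_file") || return 1
    if echo "$iface" | grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
        ifarg="ip $iface"
    else
        ifarg="if $iface"
    fi
    echo "$fwcmd nat 123 config log $ifarg $flags $rules"
}

# Constructed sample rules file: two entries from the post plus a comment
# line, a trailing comment and a blank line.
SAMPLE_RULES=$(mktemp)
cat > "$SAMPLE_RULES" <<'EOF'
# web server behind the NAT
redirect_port tcp   192.168.1.5:80      80
redirect_port tcp   192.168.1.254:22    22   # admin box

EOF

# 203.0.113.1 stands in for the X.X.X.X global address of the post.
build_nat_command ipfw 203.0.113.1 "deny_in reset same_ports unreg_only" "$SAMPLE_RULES"
```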
