From owner-freebsd-questions  Thu Nov 16 23:28:40 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id C736B37B4CF
	for <freebsd-questions@freebsd.org>; Thu, 16 Nov 2000 23:28:35 -0800 (PST)
Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Thu, 16 Nov 2000 23:27:06 -0800
Received: (from cjc@localhost)
	by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id eAH7SVD18204;
	Thu, 16 Nov 2000 23:28:31 -0800 (PST)
	(envelope-from cjc)
Date: Thu, 16 Nov 2000 23:28:31 -0800
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Ken Menzel <kenm@icarz.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw divert  few to many
Message-ID: <20001116232831.E9740@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <02e701c04fef$e0d35c20$641663cf@icarz.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <02e701c04fef$e0d35c20$641663cf@icarz.com>; from kenm@icarz.com on Thu, Nov 16, 2000 at 12:08:45PM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Nov 16, 2000 at 12:08:45PM -0500, Ken Menzel wrote:
> Hi,
>   I am looking for some configuration help on ipfw unsing NAT (natd).
> If this is not the correct forum,  please direct me on where I can
> search.  I have hunted the web site and can't seem to come up with an
> example of a simple man to few NAT example.
> I followed the tutorial ( www.freebsd.org/tutorials ) on setting up a
> simple firewall.  I actually dropped all the firewall stuff and am
> just using NAT.  All my computers on the private net can get out,  but
> I want to be able to redirect some of my outside IP's to the inside.
> On the external interface I have to IP's configured (the base IP
> 207.99.22.11) and an alias of 207.99.22.38  I am not sure of the
> command to redirect all (or some) incoming requests for 207.99.22.38
> to some IP (ie 10.0.0.10).  Would that be another divert command?  My
> natd setup now is only two commands (plus the flush and command
> setup!).  Do I need a netd.conf?
> 
>     fwcmd="/sbin/ipfw"
> 
>     # Force a flushing of the current rules before we reload.
>     $fwcmd -f flush
> 
>     # Divert all packets through the tunnel interface.
>     $fwcmd add divert natd all from any to any via fxp0
>     $fwcmd add pass all from any to any
> 
> my rc.conf is:
> 
> ifconfig_fxp0="inet 207.99.22.11 netmask 255.255.255.128"
> ifconfig_fxp0_alias0="inet 207.99.22.38 "
> ifconfig_rl0="inet 10.0.0.1 netmask 255.255.255.0"
> hostname="freebsd2.icarz.com"
> defaultrouter="207.99.22.1"
> linux_enable="YES"
> gateway_enable="YES"
> natd_enable="YES"
> natd_interface="fxp0"
> natd_flags="-dynamic"
> firewall_enable=yes
> firewall_script="/etc/firewall/simple"
> 
> Any advice is appreciated.

RTFM, natd(8). See 'redirect_port' and 'redirect_address.'
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message