Subject: Re: gateway machine port redirect question
To: freebsd-net@freebsd.org
From: Gary Corcoran
Date: Sun, 21 Feb 2016 19:48:04 -0500

On 2/20/2016 9:22 PM, Valeri Galtsev wrote:
> Dear Experts,
>
> I'm one of Linux refugees who several years ago migrated majority of
> servers from Linux to FreeBSD and is happy since. When recently I needed
> to set up gateway (Firewall + NAT) machine, I set up FreeBSD 10.2 on it,
> used ipfw and natd, and all works well, machines behind gateway on LAN can
> happily reach real network. I hit one snag later though: When I tried to
> redirect TCP traffic on some port to machine on internal private network
> behind gateway, whatever I do doesn't work.
>
> Could somebody point to simple example (it doesn't matter which components
> are involved, I don't feel married to ipfw and natd) for FreeBSD 10.2 that
> makes the machine gateway, and one of the ports of traffic coming from
> public network is redirected to machine on private network behind gateway.
> Something I can reproduce that works, which I then will gradually convert
> into what I need. Other way around: adding redirection to already working
> (and a bit sophisticated) gateway I set up appears to be beyond my mental
> abilities: a couple of weeks of frustration confirm it to me.
>
> I really do not want to go back to Linux to do this, even though I feel I
> can do it based on Linux in a course of an hour or two - I've set up a few
> of them in the past using Linux, that's the longest it took me in my
> recollection.
>
> Thanks in advance for all your answers and pointers!
>
> Valeri
>
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++

Something like this? It redirects external port 1234 to a machine on the internal network at port 80.

In your natd.conf, put something like this:

redirect_port tcp 10.12.34.56:80 1234

Gary
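
The redirect from the reply above, placed in a minimal ipfw + natd gateway configuration. This is an added example, not part of Gary's message or of the original thread. Assumptions: the public interface is named em0, the stock "open" firewall type is acceptable as a starting point, and 198.51.100.7 is a constructed documentation address.

```conf
# /etc/rc.conf  (assumption: em0 is the public-facing interface)
gateway_enable="YES"            # forward packets between interfaces
firewall_enable="YES"           # load ipfw at boot
firewall_type="open"            # stock rc.firewall ruleset; with natd_enable set
                                # it adds the "divert natd" rule on natd_interface
natd_enable="YES"
natd_interface="em0"
natd_flags="-f /etc/natd.conf"  # read the redirect below from this file

# /etc/natd.conf
# Public TCP port 1234 on the gateway -> port 80 on the internal host
# (the line from the reply above).
redirect_port tcp 10.12.34.56:80 1234

# Optional trailing field: accept the redirect from one remote address only.
# 198.51.100.7 is a constructed documentation address.
#redirect_port tcp 10.12.34.56:80 1234 198.51.100.7
```

With a custom ruleset in place of "open", the divert rule has to come before any rule that accepts or drops the traffic, otherwise natd never sees the packets. The internal host must also route its replies back through the gateway, because the redirect does not rewrite the client's source address.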