From owner-freebsd-ipfw Tue Nov 23 9:22: 9 1999 Delivered-To: freebsd-ipfw@freebsd.org Received: from pau-amma.whistle.com (pau-amma.whistle.com [207.76.205.64]) by hub.freebsd.org (Postfix) with ESMTP id BE8B915363 for ; Tue, 23 Nov 1999 09:21:58 -0800 (PST) (envelope-from dhw@whistle.com) Received: (from dhw@localhost) by pau-amma.whistle.com (8.9.2/8.9.2) id JAA20663; Tue, 23 Nov 1999 09:21:31 -0800 (PST) Date: Tue, 23 Nov 1999 09:21:31 -0800 (PST) From: David Wolfskill Message-Id: <199911231721.JAA20663@pau-amma.whistle.com> To: nick@rapidnet.com, robin@wish.net Subject: Re: IPFW and forward Cc: freebsd-ipfw@FreeBSD.ORG In-Reply-To: <19991123181751.R49519@bofh.wish.net> Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG >Date: Tue, 23 Nov 1999 18:17:51 +0100 >From: Robin Gruyters >On Tue, Nov 23, 1999 at 10:11:56AM -0700, Nick Rogness wrote: >> ... >> You might want to use divert for this. Something like this: >> ipfw add divert natd ip from any to any via outside_interface >> ... >> There is some other information that nat will need but you can add that >> from the natd man page. >Well what I want to do is, contact an external address trough the firewall and >forward it to an internal address. If I understand you correctly -- that is, that you want to be able to have some host on the Internet to be able to connect to the externally-visible address on the firewall, and have that connection (transparently) made to an internal machine, depending on the destination port (and possibly upon the source IP address, if you like), then yes: Nick's advice was a technique that I have used to accomplish precisely that. Cheers, david -- David Wolfskill dhw@whistle.com UNIX System Administrator voice: (650) 577-7158 pager: (888) 347-0197 FAX: (650) 372-5915 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message