Date: Sun, 30 Jun 2013 08:15:57 +0300
From: Sami Halabi <sodynet1@gmail.com>
To: "Paul A. Procacci" <pprocacci@datapipe.com>
Cc: freebsd-ipfw <freebsd-ipfw@freebsd.org>, freebsd-net@freebsd.org
Subject: Re: DNAT in freebsd
Message-ID: <CAEW%2BogYSBo-_9TYOfz68FNKr9uCw0QRpa8LfaCn_9WwoWhtmCw@mail.gmail.com>
In-Reply-To: <CAEW%2BogZ=a6LZavOtcb_egNWFQ8bJP0gzP6pc90tu1dcWC9K80A@mail.gmail.com>
References: <CAEW%2BogYp61U2zjicksYekSdfmLLZh5g9QM3GUg4n16ZbudVZtg@mail.gmail.com> <20130629002959.GB20376@nat.myhome> <CAEW%2BogZ=a6LZavOtcb_egNWFQ8bJP0gzP6pc90tu1dcWC9K80A@mail.gmail.com>

Any buyers? :)
I need your kind help on this...

Sami

On 29 Jun 2013 09:50, "Sami Halabi" <sodynet1@gmail.com> wrote:

> I think I was misunderstood...
> Here is the situation I want to handle:
> My box is a router that handles several /24 behind.
> One of my links (em0) is connected to a private network 192.168.0.1 is me,
> my neighbour is 192.168.0.2.
> I want to make that any connection comes to 192.168.0.1 to go to ip
> 193.xxx.yyy.2 using specific public ip 84.xx.yy.1
> And packets coming to my public 84.xx.yy.1 ip to be translated as came
> from 192.168.0.1 and sent to 192.168.0.2/or any other ips
> behind(192.168.1.xx/24).
>
> Hope that makes it clearer, and I appreciate any help.
>
> Sami
>
> On 29 Jun 2013 03:30, "Paul A. Procacci" <pprocacci@datapipe.com> wrote:
>
>> > Hi, (sorry for sending again, the last email was with wrong subject)
>> > I would like to perform a full dnat/snat as in iptables in:
>> > linux-ip.net/html/nat-dnat.html
>> > How it can be done in fbsd, I use ipfw.
>> >
>> > I seeked natd man page but its translation, and the proxy_rule is for
>> > specific port, not a whole transparency.
>> >
>>
>> Using in-kernel nat is probably a better choice IMHO.
>>
>> read `man ipfw(8)`
>>
>> The section labeled EXAMPLES has exactly what you need.
>> Here is a snippet from the manpage to get you started:
>>
>> -------------------------------
>> <!--snip-->
>>
>> Then to configure nat instance 123 to alias all the outgoing traffic with
>> ip 192.168.0.123, blocking all incoming connections, trying to keep same
>> ports on both sides, clearing aliasing table on address change and
>> keeping a log of traffic/link statistics:
>>
>>     ipfw nat 123 config ip 192.168.0.123 log deny_in reset same_ports
>>
>> <!--snip-->
>>
>>     ipfw nat 123 config redirect_addr 10.0.0.1 10.0.0.66
>>         redirect_port tcp 192.168.0.1:80 500
>>         redirect_proto udp 192.168.1.43 192.168.1.1
>>         redirect_addr 192.168.0.10,192.168.0.11
>>             10.0.0.100 # LSNAT
>>         redirect_port tcp 192.168.0.1:80,
>>             192.168.0.10:22
>>             500 # LSNAT
>>
>> <!--snip-->
>> -------------------------------
>>
>>
>> ~Paul
>>
>> ________________________________
>>
>> This message may contain confidential or privileged information. If you
>> are not the intended recipient, please advise us immediately and delete
>> this message. See http://www.datapipe.com/legal/email_disclaimer/ for
>> further information on confidentiality and the risks of non-secure
>> electronic communication. If you cannot access these links, please notify
>> us by reply message and we will send the contents to you.
>>
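
The following is an added example, not part of the thread or of the ipfw manpage: a dry-run script that prints an in-kernel `ipfw nat` ruleset using the `redirect_addr` form from the quoted snippet, covering only the destination translation toward 192.168.0.2. The outside interface `em1`, the NAT instance and rule numbers, and the documentation address 203.0.113.1 (standing in for the elided public IP) are assumptions.

```sh
#!/bin/sh
# Added example: static one-to-one NAT with in-kernel ipfw nat (dry run).
# Assumed placeholders, not values from the thread:
#   em1          outside interface (the thread names only em0, the inside link)
#   203.0.113.1  documentation address standing in for the elided 84.xx.yy.1
# 192.168.0.2 is the inside neighbour named in the thread.
EXT_IF="${EXT_IF:-em1}"
PUB_IP="${PUB_IP:-203.0.113.1}"
INSIDE_IP="${INSIDE_IP:-192.168.0.2}"
NAT_ID="${NAT_ID:-1}"

# Accept only a dotted quad with octets 0-255, so a typo or an elided
# address such as 84.xx.yy.1 never reaches ipfw.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Print the commands instead of running them; review, then pipe to sh as root.
dnat_ruleset() {
    is_ipv4 "$PUB_IP" && is_ipv4 "$INSIDE_IP" || { echo "bad address" >&2; return 1; }
    # redirect_addr localIP publicIP: traffic for publicIP is sent to localIP,
    # and traffic leaving localIP is aliased to publicIP.
    echo "ipfw -q nat $NAT_ID config ip $PUB_IP log same_ports redirect_addr $INSIDE_IP $PUB_IP"
    # Inbound on the outside interface: rewrite the destination address.
    echo "ipfw -q add 100 nat $NAT_ID ip from any to $PUB_IP in recv $EXT_IF"
    # Outbound on the outside interface: rewrite the inside host's source.
    echo "ipfw -q add 110 nat $NAT_ID ip from $INSIDE_IP to any out xmit $EXT_IF"
}

dnat_ruleset
```

`redirect_addr` forwards every protocol and port addressed to the public IP to the inside host; the `redirect_port` form shown in the quoted manpage snippet exposes a single service instead.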