From: "Valeri Galtsev"
To: freebsd-net@freebsd.org
Reply-To: galtsev@kicp.uchicago.edu
Date: Sat, 20 Feb 2016 20:22:01 -0600 (CST)
Subject: gateway machine port redirect question
Message-ID: <43887.128.135.52.6.1456021321.squirrel@cosmo.uchicago.edu>

Dear Experts,

I'm one of the Linux refugees who several years ago migrated the majority of servers from Linux to FreeBSD and is happy since. When recently I needed to set up a gateway (Firewall + NAT) machine, I set up FreeBSD 10.2 on it, used ipfw and natd, and all works well: machines behind the gateway on the LAN can happily reach the real network.

I hit one snag later though: when I tried to redirect TCP traffic on some port to a machine on the internal private network behind the gateway, whatever I do doesn't work.

Could somebody point to a simple example (it doesn't matter which components are involved, I don't feel married to ipfw and natd) for FreeBSD 10.2 that makes the machine a gateway, and where one of the ports of traffic coming from the public network is redirected to a machine on the private network behind the gateway? Something I can reproduce that works, which I then will gradually convert into what I need.

The other way around, adding redirection to the already working (and a bit sophisticated) gateway I set up, appears to be beyond my mental abilities: a couple of weeks of frustration confirm it to me. I really do not want to go back to Linux to do this, even though I feel I can do it based on Linux in the course of an hour or two. I've set up a few of them in the past using Linux, and that's the longest it took me in my recollection.

Thanks in advance for all your answers and pointers!

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++