From: Odhiambo ワシントン
To: alexus
Date: Thu, 14 May 2009 08:59:26 +0300
Cc: "freebsd-questions@freebsd.org"
Subject: Re: ipnat port-range

On Wed, May 13, 2009 at 9:09 PM, alexus wrote:
> On Wed, May 13, 2009 at 12:58 PM, alexus wrote:
> > I need to redirect a bunch of ports, or a port-range, from outside to my jail
> >
> > # /etc/rc.d/ipnat reload
> > /etc/rc.d/ipnat: DEBUG: checkyesno: ipnat_enable is set to YES.
> > /etc/rc.d/ipnat: DEBUG: run_rc_command: doit: /sbin/ipnat -F -C -f
> > /etc/ipnat.rules
> > 0 entries flushed from NAT table
> > 2 entries flushed from NAT list
> > syntax error error at "port-range", line 8
> > # grep port-range /etc/ipnat.rules
> > rdr bce0 0/0 port-range 49152:65534 -> lama port-range 49152:65534 tcp
> > #
> >
> > --
> > http://alexus.org/
> >
>
> That rule is wrong to begin with, as rdr doesn't work with ranges; I
> guess I need to use something else.
>
> Anyone done something like that? Use ipnat to map a range of ports? This
> is for FTP PASV.
>

Looks like it's time to convert your rules into PF then start using PF.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"Clothes make the man. Naked people have little or no influence on society."
-- Mark Twain