From owner-freebsd-questions  Tue Jan 29 12:41:48 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108])
	by hub.freebsd.org (Postfix) with ESMTP id 4503E37B400
	for <freebsd-questions@FreeBSD.ORG>; Tue, 29 Jan 2002 12:41:43 -0800 (PST)
Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108])
	by cactus.fi.uba.ar (8.11.6/8.11.6) with ESMTP id g0TKdtM94123;
	Tue, 29 Jan 2002 17:39:56 -0300 (ART)
	(envelope-from fgleiser@cactus.fi.uba.ar)
Date: Tue, 29 Jan 2002 17:39:54 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: Jarek Granat <jarek@adeon.lublin.pl>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: IPNAT problem
In-Reply-To: <20020129185447.A28048-100000@adeon.lublin.pl>
Message-ID: <20020129172923.L92865-100000@cactus.fi.uba.ar>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Tue, 29 Jan 2002, Jarek Granat wrote:

> Now I use IPf/IPnat and I'd like to do redirect incoming
> packets in this way:
>
> - we redirect packets only when packet is from A.B.C.D
>   (packets from other IPs aren't redirects)

I dont know if you can do that in ipnat. Search th IPF mailing list archives
for more info (http://false.net/ipfilter)


> - we redirect packets to computer under NAT - 192.168.0.X
> - we redirect packets incoming to *all* ports, tcp&udp

Yopu can do this with bimap. bimap is for one to one mapping (you map one
public IP to one private IP).

In general:

* If you want to map a set of private IPs to a smaller set of public IPs,
  you use map.

* If you want to redirect some ports, or if you have more exposed services
  than public IPs, you use rdr.

* If you want to do interception/transparent proxying, you use rdr.

* If you want to map one public IP to one private IP, you use bimap.

* If you want to map a block of public IPs to a block of private IPs (of the
  same size) and you don't feel like writing a bimap for each one, you use
  map-block.


For more info you can search the ipf mailing list archives (see above), read
the HOWTO (http://www.obfuscation.org/ipfilter/) and the ipf faq
(http://home.earthlink.net/~jaymzh666/ipf/).


Hope this helps.


				Fer


>
> How to do it?
> rdr? map? bimap?
>
> Thanks,
> --
> =[-----------------------------------------]=
> =[ Jarek Granat `dze' - nic-hdl: JG3-6BONE ]=
> =[ jarek@adeon.lublin.pl   -   GG: 1124881 ]=
> =[ www.granat.eu.org - www.adeon.lublin.pl ]=
> =[-----------------------------------------]=
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message