From: alexus
To: Odhiambo ワシントン
Cc: "freebsd-questions@freebsd.org"
Date: Thu, 14 May 2009 10:23:38 -0400
Subject: Re: ipnat port-range

2009/5/14 Odhiambo ワシントン:
>
>
> On Wed, May 13, 2009 at 9:09 PM, alexus wrote:
>>
>> On Wed, May 13, 2009 at 12:58 PM, alexus wrote:
>> > i need to redirect bunch of ports, or port-range from outside to my jail
>> >
>> > # /etc/rc.d/ipnat reload
>> > /etc/rc.d/ipnat: DEBUG: checkyesno: ipnat_enable is set to YES.
>> > /etc/rc.d/ipnat: DEBUG: run_rc_command: doit: /sbin/ipnat -F -C -f
>> > /etc/ipnat.rules
>> > 0 entries flushed from NAT table
>> > 2 entries flushed from NAT list
>> > syntax error error at "port-range", line 8
>> > # grep port-range /etc/ipnat.rules
>> > rdr bce0 0/0 port-range 49152:65534 -> lama port-range 49152:65534 tcp
>> > #
>> >
>> >
>> >
>> > --
>> > http://alexus.org/
>> >
>>
>> that rule is wrong to begin with as rdr doesn't work with ranges, i
>> guess I need to use something else..
>>
>> anyone done something like that? use ipnat to map range of ports? this
>> is for ftp PASV
>
>
> Looks like it's time to convert your rules into PF then start using PF.
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> "Clothes make the man.  Naked people have little or no influence on
> society."
>               -- Mark Twain
>

i'm pretty sure people have asked that in the past but i guess what's
the pros and cons one vs another, we have 3 candidates

ipfw - FreeBSD
ipf
pf - OpenBSD

and why not all of 'em at once? :) bit a hassle to maintain

but it seems like ipf can't do what i need, yet pf can
ipfw i can limit traffic
i don't know if ipf or pf can ..

it seems like they all have something that the other can't

-- 
http://alexus.org/