Date: Thu, 14 May 2009 17:32:52 +0300
From: Odhiambo ワシントン <odhiambo@gmail.com>
To: alexus <alexus@gmail.com>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: ipnat port-range
Message-ID: <991123400905140732y34d37e0eo4d6525f54b4b98dc@mail.gmail.com>
In-Reply-To: <6ae50c2d0905140723l4503b96ayc6a997289e29d3f4@mail.gmail.com>
References: <6ae50c2d0905130958r6877114bgbea6a4f717c1287d@mail.gmail.com> <6ae50c2d0905131109j7d61075ao1a0b329a1b2fd122@mail.gmail.com> <991123400905132259n2e99fa40g9ef9c18514ab0637@mail.gmail.com> <6ae50c2d0905140723l4503b96ayc6a997289e29d3f4@mail.gmail.com>

2009/5/14 alexus <alexus@gmail.com>

> 2009/5/14 Odhiambo ワシントン <odhiambo@gmail.com>:
> >
> >
> > On Wed, May 13, 2009 at 9:09 PM, alexus <alexus@gmail.com> wrote:
> >>
> >> On Wed, May 13, 2009 at 12:58 PM, alexus <alexus@gmail.com> wrote:
> >> > i need to redirect bunch of ports, or port-range from outside to my jail
> >> >
> >> > # /etc/rc.d/ipnat reload
> >> > /etc/rc.d/ipnat: DEBUG: checkyesno: ipnat_enable is set to YES.
> >> > /etc/rc.d/ipnat: DEBUG: run_rc_command: doit: /sbin/ipnat -F -C -f /etc/ipnat.rules
> >> > 0 entries flushed from NAT table
> >> > 2 entries flushed from NAT list
> >> > syntax error error at "port-range", line 8
> >> > # grep port-range /etc/ipnat.rules
> >> > rdr bce0 0/0 port-range 49152:65534 -> lama port-range 49152:65534 tcp
> >> > #
> >> >
> >> > --
> >> > http://alexus.org/
> >> >
> >>
> >> that rule is wrong to begin with as rdr doesn't work with ranges, i
> >> guess I need to use something else..
> >>
> >> anyone done something like that? use ipnat to map range of ports? this
> >> is for ftp PASV
> >
> >
> > Looks like it's time to convert your rules into PF then start using PF.
> >
> >
> > --
> > Best regards,
> > Odhiambo WASHINGTON,
> > Nairobi,KE
> > +254733744121/+254722743223
> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> > "Clothes make the man. Naked people have little or no influence on
> > society."
> > -- Mark Twain
> >
>
> i'm pretty sure people have asked that in the past
>
> but i guess what's the pros and cons one vs another, we have 3 candidates
>
> ipfw - FreeBSD
> ipf
> pf - OpenBSD
>
> and why not all of 'em at once?:) bit a hassle to maintain but it
> seems like ipf can't do what i need, yet pf can
> ipfw i can limit traffic i dont know if ipf or pf can .. it seems like
> they all have something that the other can't
>

They can co-exist when you know what you are doing, yes:) AFAIK, PF should
have all that IPFW can do.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Clothes make the man. Naked people have little or no influence on
society."
-- Mark Twain
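
The PF conversion suggested in the reply, as an added example that is not part of the original thread: a pf.conf fragment (the `rdr on` translation syntax used by FreeBSD's pf) that forwards the passive-FTP port range from the post to the jail. It assumes bce0 is the external interface and that the name lama from the post resolves to the jail's address when the ruleset is loaded; the macro names are hypothetical.

```conf
# /etc/pf.conf fragment (added example, not from the thread)

# Macros: interface and host name are taken from the ipnat rule in the post.
# pf resolves host names once, when the ruleset is loaded, so "lama" must
# resolve at that point (assumption); an IP address works as well.
ext_if = "bce0"
jail   = "lama"

# Translation rules come before filter rules in pf.conf.
# Redirect the whole passive-FTP data range to the jail. "49152:*" on the
# target side keeps the mapping 1:1: 49152 -> 49152, 49153 -> 49153, ...
rdr on $ext_if inet proto tcp from any to any port 49152:65534 \
        -> $jail port 49152:*

# Filter rule: translation happens before filtering, so the destination
# seen here is already the jail address. Only the redirected range is
# allowed in, and only new connections (SYN without ACK) create state.
pass in quick on $ext_if inet proto tcp from any to $jail \
        port 49152:65534 flags S/SA keep state
```

The fragment can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.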