From: Ian Chilton
To: freebsd-questions@freebsd.org
Date: Wed, 9 May 2001 10:51:43 +0100
Subject: Port Forwarding and IPFW
Message-ID: <20010509105143.A7437@woody.ichilton.co.uk>

Hello,

Please CC replies to ian@ichilton.co.uk, as I am not on the list!

Just 4 quick questions:

1) For NAT to work, do I have to do something like:

    ${fwcmd} add pass all from ${inet}:${imask} to ${onet}:${omask}

as well as:

    ${fwcmd} add divert natd all from any to any via ${oif}

Or, will the latter suffice?

2) The above "${fwcmd} add divert natd all from any to any via ${oif}"
should cover the 3 internal i/f's I have (192.168.1.1, 192.168.2.1,
192.168.3.1), if I understand correctly. How can I add a bandwidth limit
of 32k to each of those i/f's? I want to stop people using NAT inside
saturating the connection which is used for hosting.

3) How do I do port forwarding on FreeBSD, with IPFW+NATD? I want to add
a few virtual interfaces to the outside interface with more static ip's,
block all ports on these ip's, except some ports which will be sent
inside. How do I do the forwarding?

4) Are these the right rules for the above, and are they in the right
order?

    # Should be deny by default, so will allow 80 and 25 in:
    ${fwcmd} add pass tcp from any to ${fwip1} 80 setup
    ${fwcmd} add pass tcp from any to ${fwip1} 25 setup

Correct?

Thanks in Advance!

Bye for Now,

Ian

                                 \|||/
                                 (o o)
/-----------------------------ooO-(_)-Ooo----------------------------\
|  Ian Chilton                   E-Mail: ian@ichilton.co.uk          |
|  IRC Nick: GadgetMan           Backup: ichilton@www.linux.org.uk   |
|  ICQ: 16007717 / 104665842     Web : http://www.ichilton.co.uk     |
|--------------------------------------------------------------------|
|       For people who like peace and quiet: a phoneless cord        |
\--------------------------------------------------------------------/