From owner-freebsd-questions@FreeBSD.ORG  Thu May 14 16:35:17 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6531D1065705
	for <freebsd-questions@freebsd.org>;
	Thu, 14 May 2009 16:35:17 +0000 (UTC)
	(envelope-from bernt@bah.homeip.net)
Received: from feeder.usenet4all.se (1-1-1-38a.far.sth.bostream.se
	[82.182.32.53]) by mx1.freebsd.org (Postfix) with ESMTP id DB5228FC23
	for <freebsd-questions@freebsd.org>;
	Thu, 14 May 2009 16:35:14 +0000 (UTC)
	(envelope-from bernt@bah.homeip.net)
Received: from kw.homeip.net (c80-217-74-54.bredband.comhem.se [80.217.74.54])
	by feeder.usenet4all.se (8.13.1/8.13.1) with ESMTP id n4EGZCXt034163;
	Thu, 14 May 2009 18:35:13 +0200 (CEST)
	(envelope-from bernt@bah.homeip.net)
Message-ID: <4A0C4830.5090304@bah.homeip.net>
Date: Thu, 14 May 2009 18:34:56 +0200
From: Bernt Hansson <bernt@bah.homeip.net>
User-Agent: slrn/1.0.8 (FreeBSD)
MIME-Version: 1.0
To: alexus <alexus@gmail.com>
References: <6ae50c2d0905130958r6877114bgbea6a4f717c1287d@mail.gmail.com>
	<6ae50c2d0905131109j7d61075ao1a0b329a1b2fd122@mail.gmail.com>
In-Reply-To: <6ae50c2d0905131109j7d61075ao1a0b329a1b2fd122@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: ipnat port-range
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 May 2009 16:35:17 -0000

alexus said the following on 2009-05-13 20:09:
> On Wed, May 13, 2009 at 12:58 PM, alexus <alexus@gmail.com> wrote:
>> i need to redirect bunch of ports, or port-range from outside to my jail
>>
>> # /etc/rc.d/ipnat reload
>> /etc/rc.d/ipnat: DEBUG: checkyesno: ipnat_enable is set to YES.
>> /etc/rc.d/ipnat: DEBUG: run_rc_command: doit: /sbin/ipnat -F -C -f
>> /etc/ipnat.rules
>> 0 entries flushed from NAT table
>> 2 entries flushed from NAT list
>> syntax error error at "port-range", line 8
>> # grep port-range /etc/ipnat.rules
>> rdr bce0 0/0 port-range 49152:65534 -> lama port-range 49152:65534 tcp
>> #

> 
> that rule is wrong to begin with as rdr doesn't work with ranges, i
> guess I need to use something else..
> 
> anyone done something like that? use ipnat to map range of ports? this
> is for ftp PASV
> 

Have you tried this?

# $FreeBSD: src/share/examples/ipfilter/ipnat.conf.sample,v 1.1.34.1 
2008/11/25 02:59:29 kensmith Exp $
map ed1 192.168.0.0/24 -> 192.168.1.110/32 portmap tcp/udp 40000:65000
map ed1 192.168.0.0/24 -> 192.168.1.110/32