From: "David S. Madole"
Date: Wed, 10 May 2006 10:03:26 -0400
To: "marcel245@mweb.co.za"
Cc: freebsd-hackers@freebsd.org
Subject: Re: IPFW + NATD

marcel245@mweb.co.za wrote:
> Now I have tried the likes of "ipfw add divert natd all from
> 10.150.200.35 to 196.25.211.150 via tun0"
> And that does not work. I've tried many examples. And cannot come right

That is fine, but you need to make sure the packets for both directions of the connections go through natd.

Without seeing your entire set of ipfw rules and configuration, I can't suggest exactly what to do, but remember the outgoing packets will match addresses before NAT (on the inside of natd) and the incoming will match after NAT (on the outside of natd).

Assuming that 1.2.3.4 is the address you are NATing to, something similar to this should work:

    00001 divert natd ip from 10.150.200.5 to 196.25.211.150 out xmit tun0
    00002 divert natd ip from any to 1.2.3.4 in recv tun0

Adjust to suit your own configuration.

David
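
Added example, not part of the original message: a toy Python model of the point made in the reply, showing which addresses a divert rule sees in each direction and what happens to the reply packet when the inbound rule is missing or written with the inside address. The `Packet`, `Rule` and `Natd` classes are hypothetical simplifications (one alias address, no ports), and the traffic is constructed from the addresses used in the message.

```python
from dataclasses import dataclass, replace

# Addresses taken from the message; 1.2.3.4 is the assumed NAT (alias) address.
INSIDE, PEER, ALIAS = "10.150.200.5", "196.25.211.150", "1.2.3.4"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    direction: str  # "out" = leaving via tun0, "in" = arriving on tun0

@dataclass(frozen=True)
class Rule:  # simplified divert rule: addresses ("any" allowed) plus direction
    src: str
    dst: str
    direction: str

    def matches(self, p):
        return (self.direction == p.direction
                and self.src in ("any", p.src)
                and self.dst in ("any", p.dst))

class Natd:
    """Minimal stand-in for natd: one alias address, one inside host per peer."""
    def __init__(self, alias):
        self.alias, self.table = alias, {}

    def translate(self, p):
        if p.direction == "out":
            self.table[p.dst] = p.src          # remember who talked to this peer
            return replace(p, src=self.alias)  # rewrite source to the alias
        inside = self.table.get(p.src)
        if inside and p.dst == self.alias:
            return replace(p, dst=inside)      # restore the inside destination
        return p

def run(rules, packets):
    """Send each packet through natd only if some divert rule matches it."""
    natd = Natd(ALIAS)
    return [natd.translate(p) if any(r.matches(p) for r in rules) else p
            for p in packets]

# Constructed traffic: a request leaving, then the reply addressed to the alias.
TRAFFIC = [Packet(INSIDE, PEER, "out"), Packet(PEER, ALIAS, "in")]
BOTH = [Rule(INSIDE, PEER, "out"), Rule("any", ALIAS, "in")]      # both directions
OUT_ONLY = [Rule(INSIDE, PEER, "out")]                            # reply never diverted
WRONG_IN = [Rule(INSIDE, PEER, "out"), Rule("any", INSIDE, "in")]  # matches post-NAT address

if __name__ == "__main__":
    for name, rules in [("both", BOTH), ("out-only", OUT_ONLY), ("wrong-in", WRONG_IN)]:
        print(name, [(p.src, p.dst) for p in run(rules, TRAFFIC)])
```

Only the `BOTH` rule set delivers the reply to 10.150.200.5; in the other two the reply stays addressed to 1.2.3.4 because it never reaches natd.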