Date:      Sat, 10 Mar 2012 16:02:13 +0100
From:      "Terrence Koeman" <terrence@mediamonks.net>
To:        "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Cc:        "freebsd-ipfw@herveybayaustralia.com.au" <freebsd-ipfw@herveybayaustralia.com.au>
Subject:   RE: newbie IPFW user
Message-ID:  <df0f6476d5fe3d4faa49fa884bb4a7d6@mediamonks.com>
In-Reply-To: <4F5B5187.2010303@herveybayaustralia.com.au>

On Sat, 10 Mar 2012 at 14:05:11, Da Rock wrote:

> On 03/10/12 19:47, Julian Elischer wrote:
>> On 3/9/12 6:39 AM, Da Rock wrote:
>>> I'm relatively new to IPFW, not FBSD; the last time I used IPFW (I
>>> believe) was using 4.3. I'm now attempting to use IPFW for some tests
>>> (and hopefully move to production), and I'm trying to determine how I
>>> would set up binat using IPFW; or even if it's possible at all.
>>> 
>>> I've been hunting some more in-depth documentation, but it appears to
>>> be scarce/not definitive. I suspect using the modes in libalias such
>>> as "use same ports" and "reverse" might be able to do what I'm looking
>>> for?
>>> 
>>> Any clarity much appreciated.
>> 
>> well of course
>> man ipfw is the basis..
>> 
>> since you don't give any hints as to what you want to do that is not
>> in /etc/rc.firewall,
>> it is hard to know how to help you..
> I think that is the fundamental problem: I defined what I was doing but
> the terms are foreign, ergo the man doesn't show it either.
> 
> Binat is defined in pf, so I used the terminology thinking it would just
> click. Apparently not :) Binat is 1:1 natting to and from a client
> behind a firewall (according to pf), so binat nats traffic from the
> client and from the external network. For all intents and purposes it
> appears the client is actually on the external network, with the added
> benefit that only the ports needed can be natted, and others can be
> diverted elsewhere.
> 
> I'm using it for voip currently (and vpn on the same client): voip
> requires 5060 remote _and_ connection ports, and needs to be forwarded
> as is (excepting ip address) and not appear to be natted so as not to
> confuse the client. VPN uses 500/4500 and requires an untouched packet
> payload (ipsec).
> 
> Are there any sources for documentation on the advanced uses of ipfw? I
> stumbled on just one that goes into more detail so far
> http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO.

You are describing static NAT I believe.

I use:

  $cmd nat   10 config ip <external IP1> same_ports \
  redirect_addr 172.16.10.101 <external IP2> \
  redirect_addr 172.16.0.75 <external IP3>

Also look at redirect_port.

-- 
Regards,
T. Koeman, MTh/BSc/BPsy; Technical Monk

MediaMonks B.V. (www.mediamonks.com)
Please quote relevant replies in correspondence.
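
The static NAT configuration from this message, as an added example that is not part of the original e-mail: a dry-run script that builds the `nat ... config` line from internal=external pairs and rejects malformed addresses or an external address used twice. The 203.0.113.x addresses, rule number 100, interface em0 and the function names are assumptions; treating a repeated external address as a mistake is this example's policy for 1:1 mappings.

```shell
#!/bin/sh
# Added example (not from the original message). 172.16.x.x are the internal
# hosts quoted above; 203.0.113.x are constructed placeholder addresses.
# Dry run by default: prints the ipfw commands. Set IPFW=/sbin/ipfw to apply.
IPFW="${IPFW:-echo ipfw}"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# nat_config INSTANCE ALIAS_IP INTERNAL=EXTERNAL...
# Emits one "nat N config" command with a redirect_addr per mapping.
nat_config() {
    inst=$1 alias_ip=$2; shift 2
    is_ipv4 "$alias_ip" || { echo "bad alias IP: $alias_ip" >&2; return 1; }
    args="" seen=" "
    for m in "$@"; do
        in_ip=${m%%=*} out_ip=${m#*=}
        [ "$in_ip" != "$m" ] && is_ipv4 "$in_ip" && is_ipv4 "$out_ip" ||
            { echo "bad mapping: $m" >&2; return 1; }
        case "$seen" in
            *" $out_ip "*) echo "external IP mapped twice: $out_ip" >&2; return 1 ;;
        esac
        seen="$seen$out_ip "
        args="$args redirect_addr $in_ip $out_ip"
    done
    $IPFW nat "$inst" config ip "$alias_ip" same_ports $args
}

# Dry run with the two internal hosts from the message.
nat_config 10 203.0.113.1 172.16.10.101=203.0.113.2 172.16.0.75=203.0.113.3
# The NAT instance only sees packets that a rule hands to it
# (rule number and interface name are assumptions).
$IPFW add 100 nat 10 ip from any to any via em0
```
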
