Date: Wed, 28 Oct 2009 12:20:45 +0900
From: Randy Bush <randy@psg.com>
To: Chris Cowart <ccowart@rescomp.berkeley.edu>
Cc: freebsd-net@freebsd.org, remodeler <remodeler@alentogroup.org>
Subject: Re: Port-forwarding with IPFW / natd
Message-ID: <m28wew8ar6.wl%randy@psg.com>
In-Reply-To: <20091027231434.GC11723@hal.rescomp.berkeley.edu>
References: <20091027224716.M1459@alentogroup.org> <20091027231434.GC11723@hal.rescomp.berkeley.edu>

> Using natd (or ipfw nat) has the ability to manipulate the IP address
> and ports of a packet. The fwd capability in ipfw does not modify the
> layer 3 headers, but instead short-circuits the next-hop logic. Take a
> look at the fwd description in ipfw(8).
>
> I would recommend using the ipfw built-in nat support (search for NAT in
> ipfw(8)) instead of the old-style divert solution. As I understand it,
> divert has overhead related to copying the packets to and from userland,
> which is unnecessary when using the in-kernel implementation.

i keep circling this area too. my problem is that i use the nat of ppp
for the external pppoe. but i want to redirect inbound ssh to a
particular server.

randy
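
The nat/fwd distinction from the quoted text, as an added example that is not part of the original message or of anyone's posted configuration: a script that prints the ipfw(8) commands for an in-kernel NAT redirect of inbound SSH, with the fwd form beside it for contrast. The interface tun0, the server 192.168.1.10 and the rule numbers are constructed values, and it assumes ipfw nat is the only translator on that interface.

```shell
#!/bin/sh
# Added example: emit ipfw(8) commands that redirect inbound SSH with the
# in-kernel NAT. Constructed values: tun0, 192.168.1.10, rule numbers.

# Usage: nat_redirect_rules <ext_if> <server_ip> [ext_port] [server_port]
# Arguments are validated because the output is meant to be fed to a shell.
nat_redirect_rules() {
    ext_if=$1; server=$2; ext_port=${3:-22}; srv_port=${4:-22}
    case $ext_if in
        ''|*[!A-Za-z0-9_.]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    case $server in
        ''|*[!0-9.]*) echo "bad address: $server" >&2; return 1 ;;
    esac
    for p in "$ext_port" "$srv_port"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # NAT instance 1 aliases to the address of ext_if and rewrites the
    # destination of inbound TCP/ext_port to server:srv_port.
    echo "ipfw nat 1 config if $ext_if same_ports redirect_port tcp $server:$srv_port $ext_port"
    # Everything crossing ext_if goes through the instance, so the server's
    # replies are translated back to the external address on the way out.
    echo "ipfw add 100 nat 1 ip from any to any via $ext_if"
}

# For contrast: fwd only overrides the next hop. The packet still carries the
# external destination address, so the server itself must accept that address.
# Usage: fwd_rule <ext_if> <server_ip> [port]
fwd_rule() {
    echo "ipfw add 200 fwd $2 tcp from any to me ${3:-22} in via $1"
}

# Print both forms when run as: sh thisfile --print
if [ "${1:-}" = "--print" ]; then
    nat_redirect_rules tun0 192.168.1.10 && fwd_rule tun0 192.168.1.10
fi
```

The script only prints; review the lines before running them as root on the FreeBSD gateway.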