From owner-freebsd-net@FreeBSD.ORG Wed Oct 28 03:20:47 2009
From: Randy Bush
To: Chris Cowart
Cc: freebsd-net@freebsd.org, remodeler
Subject: Re: Port-forwarding with IPFW / natd
Date: Wed, 28 Oct 2009 12:20:45 +0900
In-Reply-To: <20091027231434.GC11723@hal.rescomp.berkeley.edu>
References: <20091027224716.M1459@alentogroup.org> <20091027231434.GC11723@hal.rescomp.berkeley.edu>
List-Id: Networking and TCP/IP with FreeBSD

> Using natd (or ipfw nat) has the ability to manipulate the IP address
> and ports of a packet. The fwd capability in ipfw does not modify the
> layer 3 headers, but instead short-circuits the next-hop logic. Take a
> look at the fwd description in ipfw(8).
>
> I would recommend using the ipfw built-in nat support (search for NAT in
> ipfw(8)) instead of the old-style divert solution. As I understand it,
> divert has overhead related to copying the packets to and from userland,
> which is unnecessary when using the in-kernel implementation.

i keep circling this area too.  my problem is that i use the nat of ppp
for the external pppoe.  but i want to redirect inbound ssh to a
particular server.

randy
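The in-kernel `ipfw nat` approach recommended in the quoted reply, written out as a small script. This is an added example, not code from anyone in the thread. The interface name `tun0`, the internal ssh host `192.168.1.10` and the `IPFW`/`SYSCTL` hook variables are assumptions made for illustration; the `redirect_port`, `same_ports` and `unreg_only` options and the `one_pass` sysctl are documented in ipfw(8).

```shell
#!/bin/sh
# Added example (not from the thread): forward inbound ssh with the in-kernel
# ipfw nat instead of natd/divert.  Hypothetical values: external interface
# tun0 (the pppoe link) and internal ssh host 192.168.1.10.  IPFW and SYSCTL
# are hooks so the ruleset can be printed instead of applied:
#   IPFW=echo SYSCTL=echo sh ipfw-nat.sh apply
IPFW="${IPFW:-ipfw}"
SYSCTL="${SYSCTL:-sysctl}"
EXT_IF="${EXT_IF:-tun0}"
SSH_HOST="${SSH_HOST:-192.168.1.10}"

# NAT instance 1.  redirect_port rewrites the destination address and port of
# inbound TCP/22 on the external address to SSH_HOST:22, i.e. a real layer 3/4
# header change, which "fwd" would not do.  same_ports keeps source ports
# where possible; unreg_only leaves packets from public source addresses alone.
nat_config() {
    "$IPFW" nat 1 config if "$EXT_IF" same_ports unreg_only \
        redirect_port tcp "${SSH_HOST}:22" 22
}

# Filter rules around the NAT instance.  With net.inet.ip.fw.one_pass=1 (the
# default) a packet is accepted as soon as the nat rule has handled it and the
# rules below never run; one_pass=0 re-enters the ruleset at the next rule.
# Note that rule 200 matches the packet after NAT, so it names the internal
# host, not the external address.  Traffic on other interfaces and UDP return
# traffic (e.g. DNS replies) are left to the default rule to keep the example
# focused on the redirect.
nat_rules() {
    "$SYSCTL" net.inet.ip.fw.one_pass=0
    "$IPFW" -q add 100 nat 1 ip from any to any via "$EXT_IF"
    "$IPFW" -q add 200 allow tcp from any to "$SSH_HOST" 22 in via "$EXT_IF"
    "$IPFW" -q add 300 allow tcp from any to any in via "$EXT_IF" established
    "$IPFW" -q add 400 allow ip from any to any out via "$EXT_IF"
    # anything else arriving on the external link is dropped and logged
    "$IPFW" -q add 65000 deny log ip from any to any in via "$EXT_IF"
}

# Only touch the live firewall when explicitly asked.
if [ "${1:-}" = "apply" ]; then
    nat_config && nat_rules
fi
```

Run with `IPFW=echo SYSCTL=echo` first to review the generated commands before applying them on a live box. When ppp(8) itself performs the NAT, as in the situation described above, the same redirect is expressed in ppp.conf with a `nat port tcp 192.168.1.10:22 22` line rather than through ipfw (the host address here is again the example value).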