Date: Tue, 27 Jan 2015 00:16:35 +0300
From: Maxim Filimonov <che@bein.link>
To: freebsd-questions@freebsd.org, Polytropon <freebsd@edvax.de>
Cc: Luciano Mannucci <luciano@vespaperitivo.it>
Subject: Re: Simple NAT
Message-ID: <355611034.aCCaRRifNT@thinkpad>
In-Reply-To: <20150126213658.48423c08.freebsd@edvax.de>
References: <3kWFlD70VnzRRrw@baobab.bilink.it> <20150126213658.48423c08.freebsd@edvax.de>

On Monday 26 January 2015 21:36:58 Polytropon wrote:
> On Mon, 26 Jan 2015 16:45:16 +0100, Luciano Mannucci wrote:
> > I have a freebsd machine (FreeBSD troika 10.1-RELEASE FreeBSD 10.1-RELEASE
> > #0 r274401) with openvpn that works like a charm :-)...
> > I wish to nat one and only one of my openvpn clients, possibly for a
> > single destination. What's the better way to avoid disturbing the rest
> > of the operations?
> > Any clues?
> > Is IPFW my friend?
>
> Yes, that should work. In /etc/rc.conf, set
>
> 	natd_enable="YES"
> 	natd_interface="xl0"
>

Why use natd, when ipfw can do kernel NAT?
Just do the following:

ipfw nat 1 config if <outer_iface> log reset same_ports
ipfw add 00011 nat 1 ip from <inner_network>/<mask> to any out xmit <outer_iface>
ipfw add 00012 nat 1 ip from any to <outer_ip> in recv <outer_iface>

And replace <inner_network>, <mask>, <outer_ip>, <outer_iface> with the
appropriate values.

-- 
wbr, Maxim Filimonov
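
The question in this thread asks for NAT of a single OpenVPN client toward a single destination. The following is an added example, not part of the original message: a dry-run shell helper that validates its inputs and prints the same three ipfw commands narrowed to one source host and one destination. The helper names are hypothetical, and 10.8.0.6, 192.0.2.10, 198.51.100.2 and em0 are constructed placeholder values.

```shell
#!/bin/sh
# Added example: print (never execute) ipfw kernel-NAT commands scoped to one
# client and one destination. Helper names and sample values are assumptions.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_iface NAME: succeed only for a non-empty name of letters, digits, '.', '_'.
is_iface() {
    case "$1" in
        ""|*[!A-Za-z0-9._]*) return 1 ;;
    esac
    return 0
}

# nat_rules CLIENT_IP DEST_IP OUTER_IP OUTER_IFACE
# Prints the commands for review; rejects anything that is not a plain value.
nat_rules() {
    client=$1 dest=$2 outer_ip=$3 iface=$4
    for addr in "$client" "$dest" "$outer_ip"; do
        is_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 1; }
    done
    is_iface "$iface" || { echo "bad interface name: $iface" >&2; return 1; }
    # NAT instance with the same options as in the message above.
    echo "ipfw nat 1 config if $iface log reset same_ports"
    # Outbound: translate only this client's packets to this one destination.
    echo "ipfw add 00011 nat 1 ip from $client to $dest out xmit $iface"
    # Inbound: pass only that destination's replies back through the instance.
    echo "ipfw add 00012 nat 1 ip from $dest to $outer_ip in recv $iface"
}

# Constructed sample values: one VPN client, one destination, one outer address.
nat_rules 10.8.0.6 192.0.2.10 198.51.100.2 em0
```

Review the printed commands before running them as root on the gateway; kernel NAT also requires the ipfw_nat module to be loaded.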