From: Maxim Filimonov
To: freebsd-questions@freebsd.org, Polytropon
Cc: Luciano Mannucci
Subject: Re: Simple NAT
Date: Tue, 27 Jan 2015 00:16:35 +0300

On Monday 26 January 2015 21:36:58 Polytropon wrote:
> On Mon, 26 Jan 2015 16:45:16 +0100, Luciano Mannucci wrote:
> > I have a freebsd machine (FreeBSD troika 10.1-RELEASE FreeBSD 10.1-RELEASE
> > #0 r274401) with openvpn that works like a charm :-)...
> > I wish to nat one and only one of my openvpn clients, possibly for a
> > single destination. What's the better way to avoid disturbing the rest
> > of the operations?
> > Any clues?
> > Is IPFW my friend?
>
> Yes, that should work. In /etc/rc.conf, set
>
> 	natd_enable="YES"
> 	natd_interface="xl0"
>

Why use natd, when ipfw can do kernel NAT? Just do the following:

ipfw nat 1 config if log reset same_ports
ipfw add 00011 nat 1 ip from / to any out xmit
ipfw add 00012 nat 1 ip from any to in recv

And replace , , , with the appropriate values.

-- 
wbr,
Maxim Filimonov