From: Nick Rogness
Date: Wed, 14 Mar 2001 11:36:07 -0600 (CST)
To: Jeremy Keith
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW + NATD Grouping
In-Reply-To: <000001c0ac9e$de999030$a000000a@monarch.net>

On Wed, 14 Mar 2001, Jeremy Keith wrote:

> I'm currently using NATD and port forwarding into my internal home
> network. Is it possible to redirect incoming based on source? e.g.
> My wife and I have PC Anywhere which we like to connect to our own
> computers.
>
> Is it possible that when my wife tries to connect from her work, it
> sees the ip she's coming from and redirects the pcanywhere port to her
> machine. And when I connect from my work it redirects it to my
> computer because of my source?
>

You could, but it would probably be easier to redirect based on
destination address or port. I have examples of both below. I
couldn't remember what the ports were for PC Anywhere so I
assumed it was 5632 tcp...

> I realize I could add another public IP on the box and do it that way, but
> I'm wondering if there's a way to do this with one IP?

Yes.

Example 1 (Destination based natd setup):

Use natd's redirect_port option to send it to the proper machine.
Here is an example:

    //In /etc/natd.conf:
    interface ep0
    port 8668
    redirect_port tcp 192.168.1.10:5632 5632
    redirect_port tcp 192.168.1.11:5632 6001

Where your machine is 192.168.1.10 (inside). Your wife's machine is
192.168.1.11. She will have to configure her PC Anywhere client to
connect to her machine at home with port 6001. Your client does
not need any reconfiguring.

Then:

    natdserver# natd -f /etc/natd.conf

Example 2 (Source based natd setup):

If you wanted to use source based natd stuff, you can; it is just
a bit more complicated. You would need to run 2 different
natd's, each with a natd.conf file similar (not exactly) to the
one above. Then with ipfw you could do:

    // Your ipfw entry (your work machine is A.A.A.A)
    # ipfw add 50 divert natd ip from A.A.A.A to any in via ep0
    # ipfw add 51 divert natd ip from any to A.A.A.A out via ep0

    // Your wife's ipfw entry (her work machine is B.B.B.B)
    # ipfw add 150 divert natd2 ip from B.B.B.B to any in via ep0
    # ipfw add 151 divert natd2 ip from any to B.B.B.B out via ep0

    // Normal natd traffic
    # ipfw add 200 divert natd ip from any to any via ep0

And that's just the ipfw stuff. You still need to set up the
natd.conf files and natd2 in /etc/services before this will work.

If you need more help let us know!

Nick Rogness
- Keep on routing in a Free World...
  "FreeBSD: The Power to Serve!"
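
Added example, not part of the original message: a small Python model of the Example 2 ruleset that shows which natd instance a packet reaches first and which inside host a connection to port 5632 is rewritten to. The work addresses, the public address used in the checks and the per-instance redirect tables are constructed assumptions (the message leaves A.A.A.A, B.B.B.B and the second natd.conf unspecified).

```python
import ipaddress

# Constructed stand-ins for the placeholders in the message (documentation ranges).
WORK_A = "198.51.100.10"   # "A.A.A.A"
WORK_B = "203.0.113.20"    # "B.B.B.B"

# (rule number, divert target, src, dst, direction) as given in Example 2.
RULES = [
    (50,  "natd",  WORK_A, "any",  "in"),
    (51,  "natd",  "any",  WORK_A, "out"),
    (150, "natd2", WORK_B, "any",  "in"),
    (151, "natd2", "any",  WORK_B, "out"),
    (200, "natd",  "any",  "any",  "any"),
]

# Assumed redirect_port tables, one per natd instance, both on public port 5632.
REDIRECTS = {
    "natd":  {5632: ("192.168.1.10", 5632)},
    "natd2": {5632: ("192.168.1.11", 5632)},
}

def _match(spec, addr):
    """True if addr falls inside spec, where spec is 'any', a host or a CIDR block."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def divert_target(src, dst, direction, rules=RULES):
    """Return (rule number, natd instance) for the lowest-numbered matching rule.

    Model assumption: the first divert rule that matches decides which
    instance rewrites the packet, so only that rule is reported.
    """
    for num, target, r_src, r_dst, r_dir in sorted(rules):
        if r_dir in ("any", direction) and _match(r_src, src) and _match(r_dst, dst):
            return num, target
    return None, None

def inbound_destination(src, public_ip, dport, rules=RULES):
    """Inside (host, port) an inbound connection is redirected to, or None."""
    _, target = divert_target(src, public_ip, "in", rules)
    return REDIRECTS.get(target, {}).get(dport)

if __name__ == "__main__":
    for src in (WORK_A, WORK_B, "192.0.2.77"):  # last one: any other source
        print(src, "->", inbound_destination(src, "192.0.2.1", 5632))
```

In this model a source that is neither work address falls through to rule 200 and is still redirected to 192.168.1.10, so the divert rules choose the translation but do not limit who can reach the forwarded port.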