Message-ID: <54D2A7E1.2020902@FreeBSD.org>
Date: Thu, 05 Feb 2015 02:14:41 +0300
From: Lev Serebryakov
Reply-To: lev@FreeBSD.org
Organization: FreeBSD
To: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org
Subject: Re: does "nat redirect_port tcp" works for you on -CURRENT?
In-Reply-To: <54D29A21.2080006@FreeBSD.org>

On 05.02.2015 01:16, Lev Serebryakov wrote:

> I have such rules in my firewall:
>
> nat 9 config redirect_port tcp 192.168.134.2:16881 16881
> redirect_port udp 192.158.134.2:16881 16881 redirect_port tcp
> 192.168.134.2:22 22222
>
> nat 1 config ip $EXT_IP same_ports

One more datapoint: if I merge this to one NAT (and change rules
accordingly), redirect works as expected. But I have TWO different NATs
in full config (for two ISPs) and don't want to duplicate all
redirection specifications, but want to use a third "common" NAT config.
And such usage is shown in ipfw(8)!

-- 
// Lev Serebryakov AKA Black Lion