From: "Алексей Б."
Date: Thu, 15 Mar 2007 14:25:48 +0200
To: freebsd-questions@freebsd.org
Subject: ipnat. Mapping only specified port

I use the IPFilter firewall and I need to remap only packets with a specified port in the destination. Other traffic should not be remapped. IPNAT(5) says the following:

    Matching of packets has now been extended to allow more complex compares. In place of the address which is to be translated, an IP address and port number comparison can be made using the same expressions available with *ipf*.

I tried the following line in ipnat.rules:

    map rl0 from 192.168.0.0/24 to any port=pop3 -> 0.0.0.0/32

But it didn’t help:

    isrv# ipnat -CF -f /etc/ipnat.rules
    0 entries flushed from NAT table
    1 entries flushed from NAT list
    isrv# ipnat -l
    List of active MAP/Redirect filters:
    map rl0 from 192.168.0.0/24 to any -> 0.0.0.0/32

    List of active sessions:
    isrv#

As you can see, the active filter didn’t contain the port I need. How can I specify the IP address and port number to be translated in ipnat.rules? Or can I restrict NAT for all traffic to a specified network?

---
Alexey B.