From: Julian Elischer
Date: Mon, 22 Feb 2016 23:07:48 -0800
To: Gary Corcoran, freebsd-net@freebsd.org
Subject: Re: gateway machine port redirect question

On 21/02/2016 4:48 PM, Gary Corcoran wrote:
> On 2/20/2016 9:22 PM, Valeri Galtsev wrote:
>> Dear Experts,
>>
>> I'm one of the Linux refugees who several years ago migrated the
>> majority of servers from Linux to FreeBSD and has been happy since.
>> When I recently needed to set up a gateway (Firewall + NAT) machine,
>> I set up FreeBSD 10.2 on it, used ipfw and natd, and all works well;
>> machines behind the gateway on the LAN can happily reach the real
>> network. I hit one snag later though: when I tried to redirect TCP
>> traffic on some port to a machine on the internal private network
>> behind the gateway, whatever I do doesn't work.
>>
>> Could somebody point to a simple example (it doesn't matter which
>> components are involved, I don't feel married to ipfw and natd) for
>> FreeBSD 10.2 that makes the machine a gateway, and where traffic
>> coming from the public network on one of the ports is redirected to a
>> machine on the private network behind the gateway. Something I can
>> reproduce that works, which I then will gradually convert into what I
>> need. The other way around, adding redirection to the already working
>> (and a bit sophisticated) gateway I set up, appears to be beyond my
>> mental abilities: a couple of weeks of frustration confirm it to me.
>>
>> I really do not want to go back to Linux to do this, even though I
>> feel I can do it based on Linux in the course of an hour or two - I've
>> set up a few of them in the past using Linux, and that's the longest
>> it took me in my recollection.
>>
>> Thanks in advance for all your answers and pointers!
>>
>> Valeri
>>
>> ++++++++++++++++++++++++++++++++++++++++
>> Valeri Galtsev
>> Sr System Administrator
>> Department of Astronomy and Astrophysics
>> Kavli Institute for Cosmological Physics
>> University of Chicago
>> Phone: 773-702-4247
>> ++++++++++++++++++++++++++++++++++++++++
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
> Something like this? It redirects external port 1234 to a machine
> on the internal network at port 80. In your natd.conf, put something
> like this:
>
>     redirect_port tcp 10.12.34.56:80 1234

Yes, but he wants this to be activated for sessions from the inside
too, from hosts thinking that they are accessing some external host
(maybe for testing?).

>
> Gary
>
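
Added example, not part of the thread: a minimal natd-based gateway configuration built around the redirect_port line from Gary's reply, covering connections that arrive from outside only (not the inside-originated sessions Julian mentions). The interface name em0 and the permissive "open" firewall type are assumptions chosen for a first working setup.

```conf
# --- /etc/rc.conf on the gateway ---
# em0 is an assumed name for the public-facing interface.
gateway_enable="YES"              # forward IP packets between interfaces
firewall_enable="YES"             # enable ipfw at boot
firewall_type="open"              # permissive rc.firewall ruleset, for bring-up only;
                                  # replace with a restrictive ruleset once the redirect works
natd_enable="YES"
natd_interface="em0"              # natd uses this interface's address as the alias address
natd_flags="-f /etc/natd.conf"

# --- /etc/natd.conf ---
# From Gary's reply: TCP connections to public port 1234 are sent to 10.12.34.56:80.
redirect_port tcp 10.12.34.56:80 1234

# --- ipfw, only needed with your own ruleset instead of firewall_type="open" ---
# With the "open" type and natd_enable="YES", rc.firewall adds this rule itself.
# In a custom ruleset the divert rule must be evaluated before any rule that
# accepts the traffic, otherwise packets never reach natd and the redirect
# silently does nothing.
#   ipfw add 50 divert natd ip4 from any to any via em0

# --- checks ---
#   ipfw show 50                      # packet counters on the divert rule should increase
#   tcpdump -ni em0 tcp port 1234     # connection attempts arriving from outside
# The internal host (10.12.34.56) must route its replies back through this
# gateway, or the return packets bypass natd and the connection never completes.
```

Every redirect_port line publishes an internal service to the public network, so the ruleset that replaces "open" should allow only the ports you intend to expose.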