Message-ID: <19980514143208.15101@deepo.prosa.dk>
Date: Thu, 14 May 1998 14:32:08 +0200
From: Philippe Regnauld
To: freebsd-net@FreeBSD.ORG
Subject: IPFW + natd -redirect_port
X-Operating-System: FreeBSD 2.2.5-RELEASE i386

Hi all,

I've successfully been running IPFW + divert + natd, with simple NAT
turned on -- it's worked without a glitch so far.

What I'm trying to do is:

             /
            /
       (internet)
          /
        [R]                 R = router
         |
    -----+----+-----outside
              |
             [A]            A = IPFW box
              |
    -----+----+-----inside
         |
        [B]                 B = some box (www)

I would like any incoming connections from `outside' to [A] to be
redirected to [B] on an arbitrary port.

Example: redirect tcp port 80 on outside-A to tcp port 80 on B.

I've played around a bit but haven't got anything significant other
than natd effectively logging packets, with the following setup:

    ipfw add 100 divert 6668 tcp from any to outside-A 80

and

    natd -log -redirect_port B:80 80 -interface ep0

(ep0 being the outside-A NIC).

What am I missing? Will this work both ways? (replies)

Also, the natd manpage is a bit obscure regarding the exact definition
of "target, alias and remote" addresses.

Thanks for any help -- feel free to redirect to -security if this is
more appropriate.

--
 -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
«Pluto placed his bad dog at the entrance of Hades to keep the dead IN and
the living OUT! The archetypical corporate firewall?» - S. Kelly Bootle