From: Ari Suutari
Date: Thu, 14 May 1998 21:10:12 +0300
To: Philippe Regnauld
CC: freebsd-net@FreeBSD.ORG
Subject: Re: IPFW + natd -redirect_port
Message-ID: <355B3384.55681C04@suutari.iki.fi>
References: <19980514143208.15101@deepo.prosa.dk>

Hi,

Philippe Regnauld wrote:

> Example: redirect tcp port 80 on outside-A to tcp port 80 on B.
>
> I've played around a bit but haven't got anything significant
> other than natd effectively logging packets, with the following setup:
>
>     ipfw add 100 divert 6668 tcp from any to outside-A 80

This rule handles only incoming packets, not outgoing
ones. I have usually used

    ipfw add divert 6668 ip from any to any via ep0

to make all traffic on the internet interface go through
natd. Passing only some packets through nat and others
directly might give you a conflict with port numbers.

>
> and
>
>     natd -log -redirect_port B:80 80 -interface ep0
> (ep0 being the outside-A NIC).
>

This should be quite OK, remember that you must
also have a rule that allows traffic from external hosts
to B:80. Like this:

    ipfw add pass tcp from any to any established
    ipfw add pass tcp from any to B 80 setup

Ari S.
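Added example (not part of the message above and not natd's own code): a toy Python model of one TCP exchange crossing ep0, comparing the narrow divert rule from the question with the interface-wide rule from the reply, to show why the packets coming back from B must reach natd as well. The addresses, the client port and the Natd class are constructed for illustration; real natd keeps much more per-connection state.

```python
# Toy model of "ipfw divert" + "natd -redirect_port B:80 80" (illustration only).
# Packets are (src_ip, src_port, dst_ip, dst_port); all values are constructed.
OUTSIDE_A = "203.0.113.1"   # public address on ep0 (placeholder)
B = "192.168.0.2"           # internal web server (placeholder)
CLIENT = "198.51.100.7"     # external client (placeholder)

class Natd:
    """Minimal stand-in for a redirect_port B:80 80 mapping."""
    def __init__(self):
        self.links = set()  # (client_ip, client_port) seen on inbound packets

    def translate(self, pkt):
        src, sport, dst, dport = pkt
        if dst == OUTSIDE_A and dport == 80:        # inbound: rewrite destination
            self.links.add((src, sport))
            return (src, sport, B, 80)
        if src == B and sport == 80 and (dst, dport) in self.links:
            return (OUTSIDE_A, 80, dst, dport)      # reply: restore public source
        return pkt

def narrow_rule(pkt):
    """Models: divert 6668 tcp from any to outside-A 80"""
    return pkt[2] == OUTSIDE_A and pkt[3] == 80

def wide_rule(pkt):
    """Models: divert 6668 ip from any to any via ep0"""
    return True

def round_trip(divert_rule):
    """Send one packet in through ep0 and B's answer back out through ep0."""
    natd = Natd()
    def cross_ep0(pkt):
        return natd.translate(pkt) if divert_rule(pkt) else pkt
    inbound = cross_ep0((CLIENT, 40000, OUTSIDE_A, 80))
    # B answers what it received, swapping source and destination.
    reply = cross_ep0((inbound[2], inbound[3], inbound[0], inbound[1]))
    return inbound, reply

def client_accepts(reply):
    # The client's TCP stack only matches replies from the address it dialled.
    return reply[0] == OUTSIDE_A and reply[1] == 80

if __name__ == "__main__":
    for rule in (narrow_rule, wide_rule):
        inbound, reply = round_trip(rule)
        print(rule.__name__, "reply:", reply, "accepted:", client_accepts(reply))
```

With the narrow rule the reply leaves ep0 still carrying B's internal source address, so the client never matches it to its connection; with the interface-wide rule natd restores outside-A:80 as the source.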