From: Egoitz Aurrekoetxea
To: freebsd-ipfw@freebsd.org
Subject: Questions about ipfw
Date: Fri, 14 Nov 2014 17:13:47 +0100

Good afternoon,

I wanted to ask a couple of questions I have been asking myself for some time.

1 - With Linux, Iptables and mod_conntrack_ftp you can allow connections to the unprivileged port ranges for FTP passive mode only from IP addresses which have properly established a tcp/21 port connection. Is this possible in FreeBSD with ipfw?

2 - I am a client A connecting to the public IP 1.1.1.1 (for example) of host B. I want these packets to be redirected at B to host C, but with the source address of A in those packets changed to the IP address of B. Later, when B receives the answer from C, I want the packets of that answer to be redirected to A, changing the destination IP address from B to A. So when telnetting from client A to host B, for example to port 5000, I would really be telnetting to host C port 5000, and this telnet would work properly from A.

The most important question is number two. Could you help me please?

Best regards.
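The translation asked for in question 2, modelled as an added example that is not part of the original message and is not ipfw configuration: host B rewrites both addresses on the way in and restores them on the way back. The addresses of A and C, the class and field names, and the port range B allocates from are assumptions. Because C only ever sees B's address, the state table on B is the only record of which client a flow belongs to.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""

class FullNat:
    """Model of host B: destination rewritten to C, source rewritten to B."""

    def __init__(self, b_ip, c_ip, service_port, first_port=40000):
        self.b_ip, self.c_ip, self.service_port = b_ip, c_ip, service_port
        self.next_port = first_port   # constructed range, not an ipfw default
        self.by_client = {}           # (client ip, client port) -> port B uses towards C
        self.by_port = {}             # port B uses towards C -> (client ip, client port)

    def forward(self, pkt):
        """A -> B:5000 becomes B -> C:5000."""
        if pkt.dst != self.b_ip or pkt.dport != self.service_port:
            return None               # not the redirected service
        key = (pkt.src, pkt.sport)
        if key not in self.by_client:
            # Two clients may pick the same source port; once the source
            # address is B's, only a port chosen by B keeps the flows apart.
            self.by_client[key] = self.next_port
            self.by_port[self.next_port] = key
            self.next_port += 1
        return Packet(self.b_ip, self.by_client[key],
                      self.c_ip, self.service_port, pkt.payload)

    def reverse(self, pkt):
        """C -> B reply becomes B -> A, using the stored state."""
        if (pkt.src, pkt.sport, pkt.dst) != (self.c_ip, self.service_port, self.b_ip):
            return None
        client = self.by_port.get(pkt.dport)
        if client is None:
            return None               # no matching flow: unsolicited, drop
        return Packet(self.b_ip, self.service_port,
                      client[0], client[1], pkt.payload)

def demo():
    # Constructed addresses: A = 203.0.113.10, C = 192.0.2.30; B = 1.1.1.1 as in the message.
    nat = FullNat("1.1.1.1", "192.0.2.30", 5000)
    to_c = nat.forward(Packet("203.0.113.10", 51000, "1.1.1.1", 5000, "hello"))
    to_a = nat.reverse(Packet("192.0.2.30", 5000, "1.1.1.1", to_c.sport, "world"))
    return to_c, to_a

if __name__ == "__main__":
    for p in demo():
        print(p)
```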