Date: Tue, 12 Jul 2011 18:05:26 -0500
From: Dan Nelson
To: Michael Sierchio
Cc: Bill Tillman, freebsd-questions@freebsd.org
Subject: Re: IPFW Firewall NAT inbound port-redirect
Message-ID: <20110712230525.GJ6611@dan.emsphone.com>

In the last episode (Jul 12), Michael Sierchio said:
> On Tue, Jul 12, 2011 at 9:03 AM, Dan Nelson wrote:
> > In the last episode (Jul 12), Michael Sierchio said:
> >> Is there a way of specifying a particular public address if there is
> >> more than one bound to the external interface?  A la
> >>
> >> nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 102.10.22.1:2222
> >
> > Yes; the redirect_port syntax is described in the natd manpage:
> >
> >     redirect_port proto targetIP:targetPORT[-targetPORT]
> >                 [aliasIP:]aliasPORT[-aliasPORT]
> >                 [remoteIP[:remotePORT[-remotePORT]]]
> >
>
> We're not talking about natd. The question was about the use of
> ipfirewall nat.

Right, but ipfw nat is basically the userland libalias library loaded as a
kernel module, so the config parameters are the same.

$ grep MODULE_DEPEND /sys/netinet/ipfw/ip_fw_nat.c
MODULE_DEPEND(ipfw_nat, libalias, 1, 1, 1);
MODULE_DEPEND(ipfw_nat, ipfw, 2, 2, 2);

also, man ipfw:

  NETWORK ADDRESS TRANSLATION (NAT)
     ipfw support in-kernel NAT using the kernel version of libalias(3).
  [..]
  REDIRECT AND LSNAT SUPPORT IN IPFW
     Redirect and LSNAT support follow closely the syntax used in natd(8).
     See Section EXAMPLES for some examples on how to do redirect and lsnat.

-- 
	Dan Nelson
	dnelson@allantgroup.com
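
The redirect_port syntax quoted in this message, as an added example that is not part of the original message or of FreeBSD's code: a Python parser for the single-target form that enforces the natd(8) rule that the port ranges have the same size, and reports whether a rule names a specific alias address. The function names are hypothetical, and accepting only IPv4 literals (no hostnames, no LSNAT target lists) is an assumption of the example.

```python
import ipaddress

def _ports(text):
    """Parse 'N' or 'N-M' into an inclusive (low, high) tuple."""
    lo, _, hi = text.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return lo, hi

def _endpoint(text, ip_required):
    """Split '[IP:]PORT[-PORT]' into (ip or None, (low, high))."""
    ip, sep, ports = text.rpartition(":")
    if not sep:
        if ip_required:
            raise ValueError(f"missing address in {text!r}")
        return None, _ports(text)
    return str(ipaddress.IPv4Address(ip)), _ports(ports)

def _size(port_range):
    return port_range[1] - port_range[0] + 1

def parse_redirect_port(spec):
    """Parse 'redirect_port proto target alias [remote]' (single-target form)."""
    words = spec.split()
    if len(words) not in (4, 5) or words[0] != "redirect_port":
        raise ValueError("expected: redirect_port proto target alias [remote]")
    target_ip, target_ports = _endpoint(words[2], ip_required=True)
    # aliasIP is optional; None means the rule names no specific alias address.
    alias_ip, alias_ports = _endpoint(words[3], ip_required=False)
    # natd(8): ranges need not match numerically but must have the same size.
    if _size(target_ports) != _size(alias_ports):
        raise ValueError("target and alias port ranges differ in size")
    remote_ip = remote_ports = None
    if len(words) == 5:
        # remoteIP[:remotePORT[-remotePORT]]; the port part is optional.
        host, sep, ports = words[4].partition(":")
        remote_ip = str(ipaddress.IPv4Address(host))
        remote_ports = _ports(ports) if sep else None
        if remote_ports and _size(remote_ports) != _size(target_ports):
            raise ValueError("remote port range differs in size")
    return {"proto": words[1], "target": (target_ip, target_ports),
            "alias": (alias_ip, alias_ports), "remote": (remote_ip, remote_ports)}

if __name__ == "__main__":
    # First rule is the one from the question; the second is constructed.
    for rule in ("redirect_port tcp 10.0.0.3:22 102.10.22.1:2222",
                 "redirect_port tcp 10.0.0.3:8000-8009 9000-9009"):
        print(parse_redirect_port(rule))
```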