Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 12 Jul 2011 18:05:26 -0500
From:      Dan Nelson <dnelson@allantgroup.com>
To:        Michael Sierchio <kudzu@tenebras.com>
Cc:        Bill Tillman <btillman99@yahoo.com>, freebsd-questions@freebsd.org
Subject:   Re: IPFW Firewall NAT inbound port-redirect
Message-ID:  <20110712230525.GJ6611@dan.emsphone.com>
In-Reply-To: <CAHu1Y73-M7Ds=zNUDDJboh7_eEPT-uiL6qULBghFJK__NiFKzQ@mail.gmail.com>
References:  <CAHu1Y70Uq1AkMF--rB8sAw2M1NW8a0x1H9voTPsy3cm5vQ6O2Q@mail.gmail.com> <20110711170729.GG6611@dan.emsphone.com> <1310473165.58370.YahooMailRC@web36501.mail.mud.yahoo.com> <CAHu1Y725TGa8D=TQCKa7VQYDVAFLoABdFOZ%2BJwnMOBck0gWzyA@mail.gmail.com> <20110712160304.GI6611@dan.emsphone.com> <CAHu1Y73-M7Ds=zNUDDJboh7_eEPT-uiL6qULBghFJK__NiFKzQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
In the last episode (Jul 12), Michael Sierchio said:
> On Tue, Jul 12, 2011 at 9:03 AM, Dan Nelson <dnelson@allantgroup.com> wrote:
> > In the last episode (Jul 12), Michael Sierchio said:
> >> Is there a way of specifying a particular public address if there is
> >> more than one bound to the external interface?  A la
> >>
> >> nat 123 config if re0.2 log same_ports redirect_port tcp 10.0.0.3:22 102.10.22.1:2222
> >
> > Yes; the redirect_port syntax is described in the natd manpage:
> >
> >     redirect_port proto targetIP:targetPORT[-targetPORT]
> >                 [aliasIP:]aliasPORT[-aliasPORT]
> >                 [remoteIP[:remotePORT[-remotePORT]]]
> >
>
> We're not talking about natd.  The question was about the use of
> ipfirewall nat.

Right, but ipfw nat is basically the userland libalias library loaded as a
kernel module, so the config parameters are the same.

$ grep MODULE_DEPEND /sys/netinet/ipfw/ip_fw_nat.c
MODULE_DEPEND(ipfw_nat, libalias, 1, 1, 1);
MODULE_DEPEND(ipfw_nat, ipfw, 2, 2, 2);

also, man ipfw:


NETWORK ADDRESS TRANSLATION (NAT)
     ipfw support in-kernel NAT using the kernel version of libalias(3).
[..]
   REDIRECT AND LSNAT SUPPORT IN IPFW
     Redirect and LSNAT support follow closely the syntax used in natd(8).
     See Section EXAMPLES for some examples on how to do redirect and lsnat.


-- 
	Dan Nelson
	dnelson@allantgroup.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110712230525.GJ6611>