Date: Sat, 20 Feb 2016 20:49:08 -0700 (MST)
From: Warren Block <wblock@wonkity.com>
To: Valeri Galtsev <galtsev@kicp.uchicago.edu>
Cc: freebsd-net@freebsd.org
Subject: Re: gateway machine port redirect question
Message-ID: <alpine.BSF.2.20.1602202037340.76788@wonkity.com>
In-Reply-To: <43887.128.135.52.6.1456021321.squirrel@cosmo.uchicago.edu>
References: <43887.128.135.52.6.1456021321.squirrel@cosmo.uchicago.edu>

On Sat, 20 Feb 2016, Valeri Galtsev wrote:

> Dear Experts,
>
> I'm one of Linux refugees who several years ago migrated majority of
> servers from Linux to FreeBSD and is happy since. When recently I needed
> to set up gateway (Firewall + NAT) machine, I set up FreeBSD 10.2 on it,
> used ipfw and natd, and all works well, machines behind gateway on LAN can
> happily reach real network. I hit one snag later though: When I tried to
> redirect TCP traffic on some port to machine on internal private network
> behind gateway, whatever I do doesn't work.
>
> Could somebody point to simple example (it doesn't matter which components
> are involved, I don't feel married to ipfw and natd) for FreeBSD 10.2 that
> makes the machine gateway, and one of the ports of traffic coming from
> public network is redirected to machine on private network behind gateway.
> Something I can reproduce that works, which I then will gradually convert
> into what I need. Other way around: adding redirection to already working
> (and a bit sophisticated) gateway I set up appears to be beyond my mental
> abilities: a couple of weeks of frustration confirm it to me.

I haven't used IPFW in many years, but it can do it. For pf, this works:

ext_if="em0"
internal_net="192.168.1.0/24"
external_addr="a.b.c.d"
webserver="192.168.1.240"
...
nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to $external_addr port 80 -> $webserver
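
Added example, not part of the message above and not taken from the FreeBSD project: a small complete pf.conf built around the same nat and rdr rules, with a default-deny inbound policy. The LAN interface name em1 is an assumption, and a.b.c.d remains the placeholder for the gateway's public address. In FreeBSD's pf the rdr translation is applied before filtering, so the pass rule for the redirected traffic is written against the internal web server address rather than the public one.

```conf
# /etc/pf.conf -- constructed example; interface names and addresses are assumptions
ext_if        = "em0"
int_if        = "em1"              # assumed LAN-facing interface
internal_net  = "192.168.1.0/24"
external_addr = "a.b.c.d"          # placeholder: the gateway's public address
webserver     = "192.168.1.240"

# Options and normalization come first
set skip on lo0
scrub in all

# Translation rules must precede filter rules
nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to $external_addr port 80 -> $webserver

# Filter rules: deny inbound by default and log what is dropped
block in log all

# Traffic leaving the gateway on either interface, with state tracking
pass out all keep state

# LAN clients may reach the gateway and, through it, the outside
pass in on $int_if from $internal_net to any keep state

# Only the redirected port is allowed in from outside. Because rdr has
# already rewritten the destination, the rule matches $webserver, not
# $external_addr.
pass in on $ext_if proto tcp from any to $webserver port 80 flags S/SA keep state
```

Forwarding also has to be enabled on the gateway (gateway_enable="YES" and pf_enable="YES" in /etc/rc.conf). `pfctl -nf /etc/pf.conf` checks the file without loading it, and `pfctl -s nat` lists the translation rules that are active.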