Date: Tue, 6 Feb 2001 09:24:55 -0600
From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: "Nevermind" <never@mile.nevermind.kiev.ua>
Cc: <freebsd-stable@FreeBSD.ORG>
Subject: Re: IPFilter and bimap -vs- natd?
Message-ID: <004201c09050$f5fa9f40$3028680a@tgt.com>
References: <003801c08fd9$bd0f8500$0100a8c0@cascade> <20010206154850.A29444@mile.nevermind.kiev.ua>

Yes, I am aware of this. I run NATD just fine and I use stateful rules in my custom rc.firewall.myfirewall script. However, I need to assign a one-to-one IP mapping from a public IP address to a private one, in the same way that IPFilter does this using bimap. I still have not figured it out. I have tried:

    natd -n dc1 -redirect_address 192.168.0.2 x.x.x.x

No good. Natd ceases to do anything at all. I need it to make it appear to the outside world that each machine is using a different IP address using a static mapping. IPFilter does this wonderfully, but it is not maintained to any degree in 4.2-STABLE :(

As far as proxying my port 80, I think I have it figured out.

    ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 keep-state via dc0 in

I already had been using IPFORWARD in the kernel.

As a side note: natd is causing all sorts of errors in my message log. Yet the errors seem to be harmless:

"Feb 6 00:01:28 fuggle natd[151]: failed to write packet back (Permission denied)"
"Last message repeated 34 times"

I have not found any reason for this and natd is working fine.

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "Nevermind" <never@mile.nevermind.kiev.ua>
To: "Thomas T. Veldhouse" <veldy@veldy.net>
Cc: <freebsd-stable@FreeBSD.ORG>
Sent: Tuesday, February 06, 2001 7:48 AM
Subject: Re: IPFilter and bimap -vs- natd?

> Hello, Thomas T. Veldhouse!
>
> On Mon, Feb 05, 2001 at 07:11:30PM -0600, you wrote:
>
> > Right now I am using IPFilter and ipnat for my firewall. I just found out that IPFW now supports stateful rules (how did I miss that - it has been there for awhile? :) Anyway, I would like to be able to do the following:
> >
> > 1. I need to redirect port 80 to 3128 for transparent proxying of the web using Squid.
> ipfw add fwd 192.168.0.1,3128 tcp from any to any 80 via dc0
>
> You should include
> options IPFORWARD
> into your kernel.
>
>
> For translating there is an example in rc.firewall.
>
> --
> NEVE-RIPE
> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message