From owner-freebsd-stable Tue Feb 6 7:25:20 2001
Message-ID: <004201c09050$f5fa9f40$3028680a@tgt.com>
From: "Thomas T. Veldhouse"
To: "Nevermind"
References: <003801c08fd9$bd0f8500$0100a8c0@cascade> <20010206154850.A29444@mile.nevermind.kiev.ua>
Subject: Re: IPFilter and bimap -vs- natd?
Date: Tue, 6 Feb 2001 09:24:55 -0600

Yes, I am aware of this. I run NATD just fine and I use stateful rules in my custom rc.firewall.myfirewall script. However, I need to assign a one-to-one IP mapping from a public IP address to a private one, in the same way that IPFilter does this using bimap. I still have not figured it out.

I have tried:

    natd -n dc1 -redirect_address 192.168.0.2 x.x.x.x

No good. Natd ceases to do anything at all. I need it to make it appear to the outside world that each machine is using a different IP address using a static mapping. IPFilter does this wonderfully, but it is not maintained to any degree in 4.2-STABLE :(

As far as proxying my port 80, I think I have it figured out.

    ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 keep-state via dc0 in

I already had been using IPFORWARD in the kernel.

As a side note: natd is causing all sorts of errors in my message log. Yet the errors seem to be harmless:

    "Feb 6 00:01:28 fuggle natd[151]: failed to write packet back (Permission denied)"
    "Last message repeated 34 times"

I have not found any reason for this and natd is working fine.

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "Nevermind"
To: "Thomas T. Veldhouse"
Sent: Tuesday, February 06, 2001 7:48 AM
Subject: Re: IPFilter and bimap -vs- natd?

> Hello, Thomas T. Veldhouse!
>
> On Mon, Feb 05, 2001 at 07:11:30PM -0600, you wrote:
>
> > Right now I am using IPFilter and ipnat for my firewall. I just found out that IPFW now supports stateful rules (how did I miss that - it has been there for a while? :) Anyway, I would like to be able to do the following:
> >
> > 1. I need to redirect port 80 to 3128 for transparent proxying of the web using Squid.
> ipfw add fwd 192.168.0.1,3128 tcp from any to any 80 via dc0
>
> You should include
> options IPFORWARD
> into your kernel.
>
>
> For translating there is an example in rc.firewall.
>
> --
> NEVE-RIPE