From owner-freebsd-questions Mon Apr 16 9:51:59 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from rgmail.regenstrief.org (rgmail.regenstrief.org [134.68.31.197]) by hub.freebsd.org (Postfix) with ESMTP id 1674137B43C for ; Mon, 16 Apr 2001 09:51:53 -0700 (PDT) (envelope-from gunther@aurora.regenstrief.org)
Received: from aurora.regenstrief.org (rgnout.regenstrief.org [134.68.31.38]) by rgmail.regenstrief.org (8.11.0/8.8.7) with ESMTP id f3GGqvA24415; Mon, 16 Apr 2001 11:52:57 -0500
Message-ID: <3ADB2324.139407E2@aurora.regenstrief.org>
Date: Mon, 16 Apr 2001 16:51:48 +0000
From: Gunther Schadow
Organization: Regenstrief Institute for Health Care
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: James Howard
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NAT with FreeBSD
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

James Howard wrote:

> I am trying to set up a FreeBSD NAT firewall.

good for you :-)

> The external interface (fxp0) has an IP address of 172.25.21.20 (don't
> ask). The internal (sis0) is 10.1.1.1. I have a PC behind it that is
> 10.1.1.10. The NAT and all that works fine with these rules:
>
> 00100 328030 140010702 divert 8668 ip from any to any via fxp0
> 00200 578062 181527330 allow ip from any to any
> 65535 534 67432 deny ip from any to any
>
> Now here is the trick. I want 172.25.21.21:25 to magically appear on
> 10.1.1.10:25. All the documentation I have seen on this says I should
> have the firewall listening to 172.25.21.21:25 and proxy through, but this
> changes the source address on the final receiver. But I know this can be
> done without modifying the source address since I have done this with
> Netscreens. But I do not know how with FreeBSD. Can someone whack me
> with a clue stick?
I'm not exactly sure what you're trying to do, but if you want packets kept from being NATed you can put a rule before your rule 100 to exempt packets with 172.25.21.21:25. But I don't know what to say since I'm not sure what you want to accomplish.

If you just say

  ipfw add 99 pass ip

then those are not NATed. You then set your routing table such that it forwards the packets to the right interface. I know you can also use the IPFW (or IPF?) as sort of a router by giving specific rules to fast forward a packet out on a certain interface.

regards
-Gunther

-- 
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistant Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
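The mapping the question asks for (172.25.21.21:25 arriving at 10.1.1.10:25 with the client's real source address) can be expressed in natd(8) itself with -redirect_port, which rewrites only the destination on the way in and the source on the way back out, so nothing has to be exempted from the divert. The script below is an added example for this thread, not code posted by either participant. It reuses the interface names, addresses and divert port 8668 quoted in the question; the rule numbers, the extra rules 210 and 220, and the fwcmd/natdcmd override variables are my own choices. natd has to be running before the divert rule is loaded, otherwise diverted packets are dropped until it starts.

```shell
#!/bin/sh
# Added example: static port forwarding through natd on a FreeBSD ipfw/natd box.
# Addresses and interfaces are the ones from the quoted question (assumed):
oif=fxp0                 # external interface
iif=sis0                 # internal interface
mx_alias=172.25.21.21    # extra public address that should "be" the internal host
mx_host=10.1.1.10        # internal mail host
divert_port=8668         # natd's default divert port, as in rule 100 of the question

# Set fwcmd=echo and natdcmd=echo to print the commands instead of running them.

# natd arguments: alias on fxp0, and map tcp/25 on the alias address to the
# internal host.  -redirect_port rewrites the destination on inbound packets
# and the source on the replies; the remote client's address is untouched.
natd_args() {
    printf '%s\n' "-interface $oif -port $divert_port -redirect_port tcp $mx_host:25 $mx_alias:25"
}

# ipfw rule set.  A packet re-entering after the divert continues at the
# rule after 100, so the allow/deny rules see the already translated address.
firewall_rules() {
    fw="${fwcmd:-/sbin/ipfw -q}"
    $fw -f flush
    $fw add 100 divert $divert_port ip from any to any via $oif
    # Inbound tcp/25 that natd rewrote to the internal host.
    $fw add 200 allow tcp from any to $mx_host 25 in via $oif
    # Anything else aimed at the alias is not translated and would otherwise
    # be delivered to the firewall's own stack; drop it.
    $fw add 210 deny ip from any to $mx_alias in via $oif
    # Anti-spoofing: nothing with an internal source may arrive from outside.
    $fw add 220 deny ip from 10.0.0.0/8 to any in via $oif
    # The permissive default the question's rule set already uses.
    $fw add 300 allow ip from any to any
}

# Bring the alias up, start natd, then load the rules (in that order).
apply() {
    ifconfig "$oif" inet "$mx_alias" netmask 255.255.255.255 alias
    ${natdcmd:-/sbin/natd} $(natd_args)
    firewall_rules
}

case "${1:-}" in
    apply) apply ;;
esac
```

Run it as `sh nat-smtp.sh apply` on the firewall; `fwcmd=echo natdcmd=echo sh nat-smtp.sh apply` shows what would be executed. The test for 10.1.1.10 is that a connection from an outside client to 172.25.21.21:25 shows up in its mail logs with the client's address, not the firewall's.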