Date: Mon, 16 Apr 2001 16:51:48 +0000
From: Gunther Schadow <gunther@aurora.regenstrief.org>
To: James Howard <howardjp@well.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NAT with FreeBSD
Message-ID: <3ADB2324.139407E2@aurora.regenstrief.org>
References: <Pine.GSO.4.21.0104160849220.22248-100000@well.com>

James Howard wrote:

> I am trying to set up a FreeBSD NAT firewall.

good for you :-)

> The external interface (fxp0) has an IP address of 172.25.21.20 (don't
> ask). The internal (sis0) is 10.1.1.1. I have a PC behind it that is
> 10.1.1.10. The NAT and all that works fine with these rules:
>
> 00100 328030 140010702 divert 8668 ip from any to any via fxp0
> 00200 578062 181527330 allow ip from any to any
> 65535 534 67432 deny ip from any to any
>
> Now here is the trick. I want 172.25.21.21:25 to magically appear on
> 10.1.1.10:25. All the documentation I have seen on this says I should
> have the firewall listening to 172.25.21.21:25 and proxy through, but this
> changes the source address on the final receiver. But I know this can be
> done without modifying the source address since I have done this with
> Netscreens. But I do not know how with FreeBSD. Can someone whack me
> with a clue stick?

I'm not exactly sure what you're trying to do, but if you want
packets kept from being NATed you can put a rule before your
rule 100 to exempt packets with 172.25.21.21:25. But I don't know
what to say since I'm not sure what you want to accomplish.
If you just say

  ipfw add 99 pass ip <your special criteria>

then those are not NATed. You then set your routing table such
that it forwards the packets to the right interface. I know
you can also use the IPFW (or IPF?) as sort of a router by giving
specific rules to fast forward a packet out on a certain interface.

regards
-Gunther

--
Gunther Schadow, M.D., Ph.D. gschadow@regenstrief.org
Medical Information Scientist
Regenstrief Institute for Health Care
Adjunct Assistent Professor
Indiana University School of Medicine
tel:1(317)630-7960
http://aurora.regenstrief.org
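
The rule-ordering effect described in the reply, as an added example that is not part of the original message: a simplified Python model of ipfw first-match evaluation, using the three rules from the question plus a rule 99. The match criteria for rule 99 (TCP to 172.25.21.21 port 25) are an assumption standing in for `<your special criteria>`, the sample packets are constructed, and natd's address rewriting is not modelled.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp", ...
    dst: str     # destination IP address
    dport: int   # destination port
    iface: str   # interface the packet is crossing


@dataclass(frozen=True)
class Rule:
    num: int
    action: str                      # "pass"/"allow", "deny" or "divert"
    match: Callable[[Packet], bool]


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[int, str, bool]:
    """Return (number of the deciding rule, its action, whether the packet was diverted)."""
    diverted = False
    for rule in sorted(rules, key=lambda r: r.num):
        if not rule.match(pkt):
            continue
        if rule.action == "divert":
            # Simplification: the packet goes to natd on the divert port and is
            # reinjected at the next rule; the rewrite itself is not modelled.
            diverted = True
            continue
        return rule.num, rule.action, diverted  # first terminating match wins
    raise ValueError("ruleset has no catch-all rule")


# The three rules listed in the question.
BASE = [
    Rule(100, "divert", lambda p: p.iface == "fxp0"),
    Rule(200, "allow", lambda p: True),
    Rule(65535, "deny", lambda p: True),
]
# Assumed criteria for rule 99 (the reply leaves them as a placeholder).
EXEMPT = Rule(99, "pass", lambda p: (p.proto, p.dst, p.dport) == ("tcp", "172.25.21.21", 25))

# Constructed sample packets arriving on the external interface.
SMTP = Packet("tcp", "172.25.21.21", 25, "fxp0")
OTHER = Packet("tcp", "172.25.21.20", 80, "fxp0")

if __name__ == "__main__":
    for name, rules in (("without rule 99", BASE), ("with rule 99", BASE + [EXEMPT])):
        for pkt in (SMTP, OTHER):
            print(name, pkt.dst, pkt.dport, evaluate(rules, pkt))
```

Because rule 99 is a terminating `pass`, matching packets are accepted before any later rule sees them, so its match criteria should be kept as narrow as possible.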