Message-ID: <53EBB8FF.6040504@a1poweruser.com>
Date: Wed, 13 Aug 2014 15:14:07 -0400
From: Fbsd8
To: Adam Vande More
Cc: FreeBSD Mailing List, Luciano Mannucci
Subject: Re: NAT question
References: <3hYH0x3vTtzCy1h@baobab.bilink.it>

Adam Vande More wrote:
> On Wed, Aug 13, 2014 at 11:48 AM, Luciano Mannucci wrote:
>
>> Hello, I'm still migrating machines from Linux to FreeBSD. I'm wondering if
>> my translation from this iptables Linux rule
>>
>> iptables -t nat -A POSTROUTING -s 192.168.7.234/32 -d 172.16.1.0/24 -o eth1 -j MASQUERADE
>>
>> (which means more or less: if Mr 192.168.7.234, wherever he comes from, passes
>> through our eth1 interface to go to the 172.16.1 network, he should get our
>> eth1 address instead of his)
>>
>> is more or less correctly translated in FreeBSD ipnat rules as
>>
>> map em0 192.168.7.234/32 -> 0/32
>>
>> or am I missing something?
>
>
> You might want to use a more integrated and supported FW such as IPFW or PF
> to do NAT.
>
>
>

Disregard that last post.

ipfilter was updated to the current version 5 in RELEASE 10.0 and I think
also for 9.3. Been using ipfilter since RELEASE 4.0 without any problems.
It's rock hard and easy to use.

map = The keyword map starts the rule.
em0 = The interface name of the interface facing the public Internet.
192.168.7.234/32 = The IP address range of the private LAN.
-> = Mandatory arrow symbol.
0.32 = The IP address/netmask assigned by your ISP. The special alias
keyword 0.32 tells ipnat to get the current public IP address of the
interface specified on this statement and substitute it for the 0.32
keyword.
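
Added example, not part of the original thread or of ipfilter itself: the iptables rule quoted above also matches on destination (-d 172.16.1.0/24), and ipnat's extended "from ... to ..." form of map can carry that match so NAT stays limited to the same traffic. The helper name masquerade_to_ipnat and the eth1 -> em0 interface mapping are assumptions made for this sketch.

```python
import ipaddress
import shlex

# Assumption: Linux eth1 corresponds to FreeBSD em0, as in the thread's two rules.
IFACE_MAP = {"eth1": "em0"}
FLAGS = ("-t", "-A", "-s", "-d", "-o", "-j")


def masquerade_to_ipnat(rule, iface_map=IFACE_MAP):
    """Translate one iptables nat/POSTROUTING MASQUERADE rule to an ipnat map rule."""
    args = shlex.split(rule)
    if args[:1] == ["iptables"]:
        args = args[1:]
    if len(args) % 2:
        raise ValueError("expected flag/value pairs")
    opts = {}
    for flag, value in zip(args[0::2], args[1::2]):
        if flag not in FLAGS:  # negation (!), ports, protocols: not handled here
            raise ValueError(f"unsupported option: {flag}")
        opts[flag] = value
    if (opts.get("-t"), opts.get("-A"), opts.get("-j")) != ("nat", "POSTROUTING", "MASQUERADE"):
        raise ValueError("not a nat POSTROUTING MASQUERADE rule")
    if "-s" not in opts or "-o" not in opts:
        raise ValueError("need both -s and -o to build a map rule")
    if opts["-o"] not in iface_map:
        raise ValueError(f"no FreeBSD interface known for {opts['-o']}")
    iface = iface_map[opts["-o"]]
    # ip_network validates the CIDR and clears stray host bits.
    src = ipaddress.ip_network(opts["-s"], strict=False)
    if "-d" not in opts:
        # No destination match in the source rule: plain map form.
        return f"map {iface} {src} -> 0/32"
    dst = ipaddress.ip_network(opts["-d"], strict=False)
    # Extended from/to form keeps NAT limited to the original destination.
    return f"map {iface} from {src} to {dst} -> 0/32"


# The rule quoted in the thread.
LINUX_RULE = ("iptables -t nat -A POSTROUTING -s 192.168.7.234/32 "
              "-d 172.16.1.0/24 -o eth1 -j MASQUERADE")

if __name__ == "__main__":
    print(masquerade_to_ipnat(LINUX_RULE))
```

Without the destination match, every packet from 192.168.7.234 leaving em0 is rewritten, not only traffic bound for 172.16.1.0/24.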