Date:      Sat, 21 Feb 2015 13:28:14 -0500
From:      Mason Loring Bliss <mason@blisses.org>
To:        "Paul A. Procacci" <pprocacci@datapipe.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: NAT question
Message-ID:  <20150221182814.GZ24491@blisses.org>
In-Reply-To: <20150221054604.GD14405@freenx.int.smq.datapipe.net>
References:  <20150221020818.GY24491@blisses.org> <20150221054604.GD14405@freenx.int.smq.datapipe.net>

On Sat, Feb 21, 2015 at 12:46:04AM -0500, Paul A. Procacci wrote:

> There is a section in ipfw(8) labeled: 'NETWORK ADDRESS TRANSLATION (NAT)'
> In that section it details how to bind a nat instance to an ip address.
> (Namely, the ip argument)

I'm not sure how I missed that there can be multiple NAT instances, seeing
that they're numbered. =cough=


> Then you can use ipfw to throw packets at whatever nat instance you want.

It looks like I do this with

    ipfw add nat <number> all from <internal> to any

to tie <internal> to the external address I'll later specify with "config ip
foo", if I'm reading this correctly. It'll be easy enough to test.

Another question comes up - to do DNAT and pass inbound connections back to
different hosts depending on which external address is used, do I want to set
up something like

    ipfw add nat <number> all from any to <external>

...or do I want to do something with the "reverse" config element? The man
page is light on description for "reverse".

Anyway, thank you for orienting me.

-- 
Mason Loring Bliss   ((  "In the drowsy dark cave of the mind dreams
mason@blisses.org     ))  build  their nest  with fragments  dropped
http://blisses.org/  ((   from day's caravan." - Rabindranath Tagore


