From owner-freebsd-questions Tue Jul 10 8:25:49 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from shumai.marcuscom.com (rdu26-228-058.nc.rr.com [66.26.228.58])
    by hub.freebsd.org (Postfix) with ESMTP id 87A6937B401
    for ; Tue, 10 Jul 2001 08:25:45 -0700 (PDT)
    (envelope-from marcus@marcuscom.com)
Received: from localhost (marcus@localhost)
    by shumai.marcuscom.com (8.11.3/8.11.3) with ESMTP id f6AFQ7c04488;
    Tue, 10 Jul 2001 11:26:07 -0400 (EDT)
    (envelope-from marcus@marcuscom.com)
X-Authentication-Warning: shumai.marcuscom.com: marcus owned process doing -bs
Date: Tue, 10 Jul 2001 11:26:07 -0400 (EDT)
From: Joe Clarke
To: deasey
Cc:
Subject: Re: firewall and freebsd 4.3
In-Reply-To:
Message-ID: <20010710112151.L4461-100000@shumai.marcuscom.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Personally, I've never tried to ``divert'' packets to other machines.
However, you might be able to do this with divert and static PAT. If you
set up your ipfw rule to only allow the hosts you care about to be diverted
to natd, then you can accomplish what you want. Check out the manpage for
natd, and look at the -redirect_port option. If you need multiple
instances of natd, check out the -p option for specifying a port for natd
to read and write.

Like I said, I haven't tried this, but it should work for you.

Joe Clarke

On Tue, 10 Jul 2001, deasey wrote:

> > out with errata to boot. Do you have any specific questions?
> >
> > Joe Clarke
>
> Yes in the book that I have it looks like the divert command can only
> divert an incoming packet to another port on the machine running the
> firewall. Is this still true and are there any tools to divert the packet
> to another machine?
>
> Here's what I am trying to accomplish, I have 3 machines that will be
> behind the firewall, one of which is a windows box running radmin. (a
> remote control program, which uses port 4899) I wish to allow some IPs to
> be delivered to this box/port if they come from a range of IP addresses.
>
> Is this possible?
>
> Thanks
>
> Geoffrey
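
An added example, not part of the original thread: a dry-run sketch of the approach the reply suggests, pairing a natd `-redirect_port` mapping with ipfw divert rules limited to one source range. The interface name, addresses and rule numbers are constructed placeholders, and the configuration is untested here, as it was in the reply.

```shell
#!/bin/sh
# Added example. All values below are assumptions, not taken from the thread,
# except port 4899 (radmin), which the question names.
oif="${OIF:-fxp0}"                        # outside interface (placeholder)
radmin_host="${RADMIN_HOST:-192.168.1.10}" # inside Windows box (placeholder)
radmin_port="4899"
allowed_net="${ALLOWED_NET:-203.0.113.0/24}" # permitted remote range (placeholder)
# Dry run by default: commands are printed. Set FWCMD=/sbin/ipfw to apply.
fwcmd="${FWCMD:-echo ipfw}"

# natd invocation: static PAT from the firewall's outside address, port 4899,
# to the inside host. Add "-p <port>" when running a second natd instance.
natd_cmd() {
    echo "natd -n ${oif} -redirect_port tcp ${radmin_host}:${radmin_port} ${radmin_port}"
}

radmin_rules() {
    # Inbound: only the permitted range is handed to natd for rewriting.
    $fwcmd add 100 divert natd tcp from "${allowed_net}" to any "${radmin_port}" in via "${oif}"
    # Outbound replies go through natd too, so the inside source address is
    # rewritten back to the firewall's outside address.
    $fwcmd add 110 divert natd tcp from "${radmin_host}" "${radmin_port}" to "${allowed_net}" out via "${oif}"
    # Pass the rewritten request on to the inside host.
    $fwcmd add 120 allow tcp from "${allowed_net}" to "${radmin_host}" "${radmin_port}"
    # Pass replies, both before and after natd has rewritten the source.
    $fwcmd add 130 allow tcp from any "${radmin_port}" to "${allowed_net}"
    # Everyone else is refused on the radmin port at the outside interface.
    $fwcmd add 140 deny tcp from any to any "${radmin_port}" in via "${oif}"
}

natd_cmd
radmin_rules
```

The rules rely on ipfw re-injecting a diverted packet at the rule following the divert rule, so the allow rules must be numbered after both divert rules.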