Date: Wed, 10 Dec 2003 13:24:25 -0800
From: hugle <hugle@vkt.lt>
To: freebsd-ipfw@freebsd.org
Subject: change ipfw/natd > ipf/ipnat (HELP needed)
Message-ID: <118313877361.20031210132425@vkt.lt>

Hello all *BSD users.

I have a question here for you. I have a ruleset like:

00200 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6111
00201 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6112
00202 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6113
00203 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6114
00204 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6115
00205 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6116
00206 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6117
00207 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6118
00208 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6119
00210 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 4000
00211 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7787
00212 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7777
00213 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7877
00214 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7887
00215 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 9990
00216 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27005
00217 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27015
00220 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27500
00221 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27501
00222 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27960
00250 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6111
00251 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6112
00252 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6113
00253 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6114
00254 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6115
00255 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6116
00256 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6117
00257 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6118
00258 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6119
00260 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 4000
00261 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7787
00262 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7777
00263 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7877
00264 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 7887
00265 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 9990
00266 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27005
00267 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27015
00270 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27500
00271 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27501
00272 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27960
00298 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 53
00299 divert 8672 udp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 53
00301 divert 8672 ip from 192.168.1.120 to not 192.168.0.0/16
00480 fwd 213.252.192.141 ip from 213.252.192.142 to any
00490 divert 8672 ip from any to 213.252.192.142
00501 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 22
00502 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 25
00503 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 80
00504 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 79
00505 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 80
00506 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 81
00507 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 110
00508 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 113
00509 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 443
00510 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 5050
00511 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 5190
00512 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6667
00513 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 1863
00514 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 2082
00515 divert 8686 tcp from 192.168.0.0/16 to 213.226.139.46 dst-port 7000
00520 divert 8686 icmp from 192.168.0.0/16 to not 192.168.0.0/16
00798 fwd 213.252.192.161 ip from 213.252.192.162 to any
00799 divert 8686 ip from any to 213.252.192.162
00997 divert 8668 ip from 192.168.0.0/16 to not 192.168.0.0/16
00998 fwd 212.59.9.1 ip from 212.59.9.59 to any
00999 divert 8668 ip from any to 212.59.9.59

in my ipfw, and natd rules:

natd -a 212.59.9.59 -p 8668
natd -a 213.252.192.162 -p 8686
natd -a 213.252.192.142 -p 8672

These rules successfully divert traffic through 3 different gateways based on the user's destination PORT.

Now the question is, how would I translate it to IPF+IPNAT?
It is rather difficult for me to do that, so I ask you to help me deal with this problem...
Since I tried many times to do that.. but the result I came up with is that after adding ipf/ipnat rules my PC hangs up after 3-10 minutes ;))
So maybe someone could give me an example of how to use 2 gateways using ipfilter?

Thank you very much!
Jarek
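
Added example (not part of the original message): before porting a ruleset like this to another packet filter, it helps to reduce it to the policy it encodes. This Python sketch parses ipfw divert rules in the form quoted above, groups destination ports per natd alias address, and flags rules whose match criteria repeat an earlier rule. The function names and the reduced sample input are assumptions made for the example.

```python
import re
from collections import defaultdict

# Subset of the rules quoted in the post, used here as sample input.
SAMPLE_RULES = """\
00200 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6111
00201 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6112
00202 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 6113
00220 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27500
00270 divert 8672 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 27500
00503 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 80
00505 divert 8686 tcp from 192.168.0.0/16 to not 192.168.0.0/16 dst-port 80
00997 divert 8668 ip from 192.168.0.0/16 to not 192.168.0.0/16
"""
# From the natd command lines in the post: divert port -> alias address.
NATD_ALIAS = {8668: "212.59.9.59", 8686: "213.252.192.162", 8672: "213.252.192.142"}
RULE_RE = re.compile(
    r"^(\d+) divert (\d+) (\w+) from (\S+) to ((?:not )?\S+)"
    r"(?: dst-port (\d+))?$")

def compress(ports):
    """Collapse port numbers into ranges: [6111, 6112, 6113] -> ['6111-6113']."""
    out, ports, i = [], sorted(ports), 0
    while i < len(ports):
        j = i
        while j + 1 < len(ports) and ports[j + 1] == ports[j] + 1:
            j += 1
        out.append(str(ports[i]) if i == j else f"{ports[i]}-{ports[j]}")
        i = j + 1
    return out

def summarize(text, aliases=NATD_ALIAS):
    """Return (policy, duplicates). policy maps (alias, proto) to port ranges,
    ['any'] for a rule with no dst-port; duplicates pairs (first, repeat) numbers."""
    ports, seen, dups = defaultdict(set), {}, []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # fwd rules and other actions are outside this summary
        num, dport, proto, src, dst, port = m.groups()
        key = (dport, proto, src, dst, port)
        if key in seen:  # same divert port and same match criteria as an earlier rule
            dups.append((seen[key], num))
            continue
        seen[key] = num
        bucket = ports[(aliases.get(int(dport), dport), proto)]
        if port is not None:
            bucket.add(int(port))
    return {k: compress(v) or ["any"] for k, v in ports.items()}, dups
```

Calling summarize() on the full ruleset gives one line of policy per alias address and protocol, which is the shape a port-based NAT and routing policy has to reproduce in any other filter.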