Date: Mon, 5 Feb 2001 19:11:30 -0600
From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: <freebsd-stable@freebsd.org>
Subject: IPFilter and bimap -vs- natd?
Message-ID: <003801c08fd9$bd0f8500$0100a8c0@cascade>

Right now I am using IPFilter and ipnat for my firewall. I just found out that IPFW now supports stateful rules (how did I miss that - it has been there for awhile? :) Anyway, I would like to be able to do the following:

1. I need to redirect port 80 to 3128 for transparent proxying of the web using Squid.
2. I need to map real IP addresses to my private lan and back again - so to the outside it appears that a private address is translated to a public address.

Here are my rules for ipnat currently:

    # run nat for our internal network
    bimap dc1 192.168.0.2/32 -> x.x.x.x/32
    bimap dc1 192.168.0.3/32 -> x.x.x.y/32
    bimap dc1 192.168.0.4/32 -> x.x.x.z/32

    # redirect all lan web traffic to squid
    rdr dc0 0/0 port 80 -> 192.168.0.1 port 3128

How can I do the same thing using natd?

I have tried "redirect_address" as an option, but it doesn't seem to work. As a matter of fact, if I use it, NAT seems to quit working altogether.

Thanks in advance,

Tom Veldhouse
veldy@veldy.net
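
An added example, not part of the original message or of any FreeBSD tool: a small Python translator that turns the two ipnat rule shapes shown above into natd.conf `redirect_address` lines and an ipfw `fwd` rule, and lists the hosts that a one-to-one mapping leaves reachable on every port from outside, so they need explicit filter rules. It assumes that dc1 (the interface the bimap rules name) is the external interface, that 192.168.0.1 is the firewall's own LAN address, and that the kernel is built with IPDIVERT and IPFIREWALL_FORWARD; the name `translate` is made up here.

```python
import re

# The ipnat rules from the message above, copied verbatim (x.x.x.* are the
# poster's own placeholders for the public addresses).
IPNAT_RULES = """\
# run nat for our internal network
bimap dc1 192.168.0.2/32 -> x.x.x.x/32
bimap dc1 192.168.0.3/32 -> x.x.x.y/32
bimap dc1 192.168.0.4/32 -> x.x.x.z/32
# redirect all lan web traffic to squid
rdr dc0 0/0 port 80 -> 192.168.0.1 port 3128
"""

BIMAP = re.compile(r"bimap\s+(\S+)\s+(\S+)/32\s+->\s+(\S+)/32$")
RDR = re.compile(r"rdr\s+(\S+)\s+0/0\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)$")


def translate(ipnat_text):
    """Return (natd.conf lines, ipfw rule lines, fully exposed hosts).

    Only the two rule shapes used in the message are handled; anything
    else raises ValueError so no rule is silently dropped.
    """
    natd, ipfw, exposed, ext_ifs = [], [], [], set()
    for raw in ipnat_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if m := BIMAP.match(line):
            ifname, private, public = m.groups()
            ext_ifs.add(ifname)
            # Static NAT: the public address must also reach this host,
            # for example as an alias on the external interface.
            natd.append(f"redirect_address {private} {public}")
            exposed.append(private)  # all ports reachable unless filtered
        elif m := RDR.match(line):
            ifname, dport, target, tport = m.groups()
            # Assumption: target is an address of the firewall itself.
            ipfw.append(f"add fwd {target},{tport} tcp from any to any "
                        f"{dport} in via {ifname}")
        else:
            raise ValueError(f"unsupported ipnat rule: {line!r}")
    if len(ext_ifs) > 1:
        raise ValueError("bimap rules span several interfaces")
    for ifname in ext_ifs:
        natd.insert(0, f"interface {ifname}")
        ipfw.append(f"add divert natd all from any to any via {ifname}")
    return natd, ipfw, exposed
```

The first list is the body of a natd.conf file and the second is a set of lines for an ipfw rules file; the third names the internal hosts to cover with filter rules before the mapping goes live.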