Date: Mon, 5 Feb 2001 19:11:30 -0600
From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: <freebsd-stable@freebsd.org>
Subject: IPFilter and bimap -vs- natd?
Message-ID: <003801c08fd9$bd0f8500$0100a8c0@cascade>

Right now I am using IPFilter and ipnat for my firewall. I just found out that IPFW now supports stateful rules (how did I miss that - it has been there for awhile? :) Anyway, I would like to be able to do the following:

1. I need to redirect port 80 to 3128 for transparent proxying of the web using Squid.
2. I need to map real IP addresses to my private lan and back again - so to the outside it appears that a private address is translated to a public address.

Here are my rules for ipnat currently:

    # run nat for our internal network
    bimap dc1 192.168.0.2/32 -> x.x.x.x/32
    bimap dc1 192.168.0.3/32 -> x.x.x.y/32
    bimap dc1 192.168.0.4/32 -> x.x.x.z/32

    # redirect all lan web traffic to squid
    rdr dc0 0/0 port 80 -> 192.168.0.1 port 3128

How can I do the same thing using natd?

I have tried "redirect_address" as an option, but it doesn't seem to work. As a matter of fact, if I use it, NAT seems to quit working altogether.

Thanks in advance,

Tom Veldhouse
veldy@veldy.net
