Date: Mon, 26 Jan 2015 21:36:58 +0100
From: Polytropon <freebsd@edvax.de>
To: Luciano Mannucci <luciano@vespaperitivo.it>
Cc: freebsd-questions@freebsd.org
Subject: Re: Simple NAT
Message-ID: <20150126213658.48423c08.freebsd@edvax.de>
In-Reply-To: <3kWFlD70VnzRRrw@baobab.bilink.it>
References: <3kWFlD70VnzRRrw@baobab.bilink.it>

On Mon, 26 Jan 2015 16:45:16 +0100, Luciano Mannucci wrote:
> I have a freebsd machine (FreeBSD troika 10.1-RELEASE FreeBSD 10.1-RELEASE #0
> r274401) with openvpn that works like a charm :-)...
> I wish to nat one and only one of my openvpn clients, possibly for a
> single destination. What's the better way to avoid disturbing the rest
> of the operations?
> Any clues?
> Is IPFW my friend?

Yes, that should work. In /etc/rc.conf, set

	natd_enable="YES"
	natd_interface="xl0"

where "xl0" is the "outer" interface. In your custom /etc/ipfw.conf,
add the rule

	add divert natd ip from any to any via xl0

and refine the "from any to any" part to reflect the IP addresses
(and maybe specific ports) for the connection you want to translate,
so the rule will only allow for that _one_ destination you want to
enable.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
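
Added example, not part of the message above: a small sh script that prints the divert rule narrowed to one client and one destination, plus the matching rule for return traffic, and refuses anything that is not a single host address. The addresses 10.8.0.6 and 203.0.113.10 and the function names are assumptions made for illustration; "xl0" is the interface from the message.

```sh
#!/bin/sh
# Added example. Addresses are constructed placeholders: 10.8.0.6 stands for
# the one OpenVPN client, 203.0.113.10 for the single destination.
OUT_IF="xl0"    # "outer" interface named in the message

# True only for a single dotted-quad host address. "any", CIDR ranges and
# hostnames are refused, so the rule cannot widen back to "from any to any".
is_host_ip() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# usage: nat_rules <client-ip> <destination-ip> <outer-interface>
nat_rules() {
    if ! is_host_ip "$1" || ! is_host_ip "$2"; then
        echo "nat_rules: client and destination must be host addresses" >&2
        return 1
    fi
    # Outbound: only this client's packets to this destination reach natd.
    echo "add divert natd ip from $1 to $2 out via $3"
    # Inbound: replies from that destination go to natd to be translated back.
    echo "add divert natd ip from $2 to me in via $3"
}

nat_rules 10.8.0.6 203.0.113.10 "$OUT_IF"
```

The two printed lines take the place of the "from any to any" rule in /etc/ipfw.conf.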