Date:      Sat, 10 Mar 2012 23:05:11 +1000
From:      Da Rock <freebsd-ipfw@herveybayaustralia.com.au>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: newbie IPFW user
Message-ID:  <4F5B5187.2010303@herveybayaustralia.com.au>
In-Reply-To: <4F5B2348.2080405@freebsd.org>
References:  <4F5A161C.8060407@herveybayaustralia.com.au> <4F5B2348.2080405@freebsd.org>

On 03/10/12 19:47, Julian Elischer wrote:
> On 3/9/12 6:39 AM, Da Rock wrote:
>> I'm relatively new to IPFW, not FBSD; the last time I used IPFW (I 
>> believe) was using 4.3. I'm now attempting to use IPFW for some tests 
>> (and hopefully move to production), and I'm trying to determine how I 
>> would set up binat using IPFW; or even if it's possible at all.
>>
>> I've been hunting some more in depth documentation, but it appears to 
>> be scarce/not definitive. I suspect using the modes in libalias such 
>> as "use same ports" and "reverse" might be able to do what I'm 
>> looking for?
>>
>> Any clarity much appreciated.
>
> well of course
> man ipfw is the basis..
>
> since you don't give any hints as to what you want to do that is not 
> in /etc/rc.firewall,
> it is hard to know how to help you..
I think that is the fundamental problem: I defined what I was doing but 
the terms are foreign, ergo the man doesn't show it either.

Binat is defined in pf, so I used the terminology thinking it would just 
click. Apparently not :) Binat is 1:1 natting to and from a client 
behind a firewall (according to pf), so binat nats traffic from the 
client and from the external network. For all intents and purposes it 
appears the client is actually on the external network, with the added 
benefit that only the ports needed can be natted, and others can be 
diverted elsewhere.

I'm using it for voip currently (and vpn on the same client): voip 
requires 5060 remote _and_ connection ports, and needs to be forwarded 
as is (excepting ip address) and not appear to be natted so as not to 
confuse the client. VPN uses 500/4500 and requires an untouched packet 
payload (ipsec).

Are there any sources for documentation on the advanced uses of ipfw? I 
stumbled on just one that goes into more detail so far 
http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO.
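As an added example (not part of this message, and not from the FreeBSD documentation), the 1:1 mapping described above can be expressed with the redirect_addr option of ipfw nat. The script below is a dry run: it prints the ipfw commands instead of loading them unless FWCMD is set to ipfw. The interface name, the two addresses, the RTP port range and the rule numbers are constructed placeholders, not values from this thread.

```shell
#!/bin/sh
# Dry-run ipfw(8) ruleset for 1:1 ("binat"-style) NAT of one inside host.
# Added example, not from the original mail. Interface name, addresses, ports
# and rule numbers are constructed placeholders; adjust them for your site.
# FWCMD defaults to a harmless "echo ipfw" so the script runs anywhere;
# set FWCMD=ipfw (as root, on the firewall) to load the rules for real.
FWCMD="${FWCMD:-echo ipfw}"

ext_if="em0"                # outside interface (assumption)
pub_ip="203.0.113.10"       # public address mapped to the client (constructed)
int_ip="192.168.1.10"       # VoIP/VPN client behind the firewall (constructed)
rtp_ports="10000-20000"     # RTP "connection ports" range (site-specific placeholder)

ipfw_binat_rules() {
    # One nat instance per mapped client. redirect_addr gives the 1:1 mapping;
    # only the IP header is rewritten, so IKE/NAT-T (500/4500) payloads and SIP
    # bodies pass untouched. same_ports asks libalias to keep the client's
    # source port, so SIP on 5060 does not look translated to the far end.
    $FWCMD nat 1 config if "$ext_if" same_ports redirect_addr "$int_ip" "$pub_ip"

    # Inbound: translate only the ports the client needs (SIP, IKE, NAT-T, RTP).
    # With the default net.inet.ip.fw.one_pass=1 a packet matching a nat rule
    # is accepted here; set one_pass=0 if translated packets should keep
    # traversing the ruleset.
    $FWCMD add 100 nat 1 udp from any to "$pub_ip" 5060,500,4500,"$rtp_ports" in recv "$ext_if"
    # Outbound: everything from the client leaves with the public address.
    $FWCMD add 110 nat 1 ip from "$int_ip" to any out xmit "$ext_if"

    # Anything else aimed at the public address is not part of the mapping;
    # log and drop it here, or hand it to another nat instance if it belongs
    # to a different service.
    $FWCMD add 120 deny log udp from any to "$pub_ip" in recv "$ext_if"
    $FWCMD add 130 deny log tcp from any to "$pub_ip" in recv "$ext_if"
}

ipfw_binat_rules
```

Running the script as-is prints the five commands for review; the same script, run with FWCMD=ipfw from an rc.firewall-style hook, loads them.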