Now, I think that we have to make some ipfw example code for NAT
in-kernel with and without keep-state/check-state.
I start on Monday with stateful ipfw.
Thanks for helping me!!!
(Now I have FreeBSD 6.1)
I haven't tried with keep-state yet (don't even know if keep-state is
ready to maintain "nat" state, I think it is not). The box which is
taking me to the internet right now at my building is ipfw nat, for wired
and wireless networks. Here are the running rules:
([EMAIL PROTECTED])~# ipfw show | grep nat
20000 19812654 104938057 nat 20 ip from { 10.69.69.0/24 or
172.16.69.0/24 } to any out via sis0
20100 27128929 37927915720 nat 20 ip from any to any in via sis0
([EMAIL PROTECTED])~# ipfw nat 20 show config
ipfw nat 20 config if sis0 log unreg_only redir_port tcp
10.69.69.13:4662 4662 redir_port tcp 10.69.69.39:80 3980 redir_port tcp
10.69.69.39:6969 3969
([EMAIL PROTECTED])~# grep nat /etc/rc.firewall
$fwcmd nat 20 config if sis0 log unreg_only redir_port tcp
10.69.69.13:4662 4662 redir_port tcp 10.69.69.39:80 3980 redir_port tcp
10.69.69.39:6969 3969
$fwcmd add 20000 set 20 nat 20 all from $redes to any out via $ife
$fwcmd add 20100 set 20 nat 20 all from any to any in via $ife
I have some more environments running NAT in different IPs with
"prob", for testing purposes. I can print configs next week, since I
can't access those boxes on weekends.
I hope it helps as an example; I have just rewritten the selective "divert"
which I used before into "nat" rules.
BTW (offside note): Next week I will add a TinyBSD image with ipfw nat
(FreeBSD 6.1) on www.tinybsd.org, so if anyone wants to try ipfw nat on
their soekris/wrap/whatever boards, hang on until Wednesday.
--
Patrick Tracanelli
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
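Each redir_port entry in the nat 20 configuration above exposes an internal host on the public interface. As an added example (not part of the original message), this shell helper lists every forward found in "ipfw nat N show config" output so the exposed ports can be reviewed. The function names are hypothetical, and reading an optional fourth field as a remote address follows the redir_port syntax in ipfw(8).

```shell
#!/bin/sh
# Added example: audit the port forwards in "ipfw nat N show config" output.
# list_redirects and count_open_redirects are hypothetical helper names.

# Sample input: the nat 20 configuration quoted in the message, on one line.
SAMPLE_CONFIG='ipfw nat 20 config if sis0 log unreg_only redir_port tcp 10.69.69.13:4662 4662 redir_port tcp 10.69.69.39:80 3980 redir_port tcp 10.69.69.39:6969 3969'

# Reads config text on stdin (wrapped lines are joined first) and prints
# one line per redir_port entry:
#   <proto> <public port> -> <internal ip:port> from <remote or any>
list_redirects() {
    tr '\n' ' ' | awk '{
        for (i = 1; i <= NF; i++) {
            if ($i != "redir_port") continue
            if (i + 3 > NF) {
                print "incomplete redir_port entry" > "/dev/stderr"
                exit 1
            }
            proto = $(i + 1); target = $(i + 2); alias = $(i + 3)
            remote = "any"
            # Optional remoteIP[:remotePORT] starts with a digit;
            # option keywords (log, redir_port, ...) do not.
            if (i + 4 <= NF && $(i + 4) ~ /^[0-9]/) {
                remote = $(i + 4)
                i++
            }
            i += 3
            printf "%s %s -> %s from %s\n", proto, alias, target, remote
        }
    }'
}

# Counts forwards that accept connections from any remote address.
count_open_redirects() {
    list_redirects | awk '/ from any$/ { n++ } END { print n + 0 }'
}

# Stand-alone run over the sample; on a live box use:
#   ipfw nat 20 show config | list_redirects
printf '%s\n' "$SAMPLE_CONFIG" | list_redirects
```
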