On Sat, Jun 29, 2013 at 09:50:15AM +0300, Sami Halabi wrote:
> I think I was misunderstood...
> Here is the situation I want to handle:
> My box is a router that handles several /24 behind.
> One of my links (em0) is connected to a private network 192.168.0.1 is me,
> my neighbour is 192.168.0.2.
> I want to make that any connection comes to 192.168.0.1 to go to ip
> 193.xxx.yyy.2 using specific public ip 84.xx.yy.1
> And packets coming to my public 84.xx.yy.1 ip to be translated as came
> from 192.168.0.1 and sent to 192.168.0.2/or any other ips
> behind(192.168.1.xx/24).
>
> Hope that makes it clearer, and I appreciate any help.
>
> Sami
> ???????????? 29 ???????? 2013 03:30, ?????? "Paul A. Procacci"
> <pproca...@datapipe.com>:

The answer I provided you does exactly what you want it to do.
Not to mention the man page goes over other things as well if the answer I
provided you wasn't accurate.

Here is my config that I use for my home setup.
The config:

 - binds a nat instance on the primary interface
 - denies all inbound syn's among other things
 - Forward packets originating on the internal network interface through nat
 - and returns packets (ack's) back to the original sender.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!/bin/sh
###################### Start of IPFW Configuration ####################

# Set rules command prefix :: Rule numbering cannot exceed 900
cmd="/sbin/ipfw -q"
pif="de0"     # Public NIC
iif="bridge0" # Internal NIC

##############################################
# Flush current rules and do config.
$cmd -f flush
$cmd enable one_pass
##############################################

${cmd} add 00001 allow all from any to any via lo0
${cmd} add 00002 deny all from any to 127.0.0.0/8
${cmd} add 00003 deny ip from 127.0.0.0/8 to any

${cmd} nat 1 config if ${pif} log deny_in reset unreg_only same_ports
${cmd} add 00020 nat 1 all from any to any via ${pif}
${cmd} add 00050 allow all from any to any via ${iif}
${cmd} add 65534 deny log all from any to any
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Again, this information is found in `man ipfw(8)` and does what you are asking.

~Paul

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
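
Added example, not part of the original thread and not code from Paul or the FreeBSD project: a pre-load check for a ruleset shaped like the one in the reply. It confirms that every nat instance a rule diverts into is configured with deny_in, that a loopback-source deny precedes the nat rule, and that the ruleset ends in a logged default deny. The function names sample_rules and audit_ipfw_rules and the input format (one ipfw argument list per line, variables already expanded) are assumptions.

```sh
#!/bin/sh
# Added example: static checks on an ipfw NAT ruleset before it is loaded.
# Assumed input format: one ipfw argument list per line, variables expanded.

# Constructed sample: the rules from the message with pif=de0, iif=bridge0.
sample_rules() {
cat <<'EOF'
add 00001 allow all from any to any via lo0
add 00002 deny all from any to 127.0.0.0/8
add 00003 deny ip from 127.0.0.0/8 to any
nat 1 config if de0 log deny_in reset unreg_only same_ports
add 00020 nat 1 all from any to any via de0
add 00050 allow all from any to any via bridge0
add 65534 deny log all from any to any
EOF
}

# Prints one FAIL line per finding; returns 0 only when there are none.
audit_ipfw_rules() {
awk '
$1 == "nat" && $3 == "config" {          # nat instance definition
    cfg[$2] = 1
    for (i = 4; i <= NF; i++) if ($i == "deny_in") denyin[$2] = 1
}
$1 == "add" {
    num = $2 + 0
    if ($3 == "nat") used[$4] = num      # rule that diverts into an instance
    # lowest-numbered rule dropping packets that claim a loopback source
    if ($3 == "deny" && $0 ~ / from 127\.0\.0\.0\/8 to any/ &&
        (spoof == 0 || num < spoof)) spoof = num
    if (num >= last) { last = num; tail = $0 }
}
END {
    for (n in used) {
        if (!(n in cfg)) { print "FAIL: nat " n " is used but never configured"; bad++ }
        else if (!(n in denyin)) { print "FAIL: nat " n " lacks deny_in"; bad++ }
        if (spoof == 0 || spoof > used[n]) {
            print "FAIL: no loopback-source deny before nat rule " used[n]; bad++
        }
    }
    if (tail !~ /^add [0-9]+ deny log (all|ip) from any to any$/) {
        print "FAIL: ruleset does not end in a logged default deny"; bad++
    }
    exit (bad > 0)
}'
}

sample_rules | audit_ipfw_rules && echo "ruleset passes the checks"
```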