FreeBSD
Rad1us, 2016-06-24 11:29:30

How to forward traffic through ipfw in FreeBSD?

There is a gateway on FreeBSD, two network interfaces (em0 10.1.1.1/24 - external, em1 192.168.1.1/24 - internal), NAT is configured.
ipfw is configured minimally, so far like this:

#!/bin/sh

cmd="ipfw -q add"		
oif="em0"			
iif="em1"
skip="skipto 800"
ks="keep-state"

ipfw -q -f flush

# LOCAL
$cmd 010 allow all from any to any via $iif
$cmd 011 allow all from any to any via lo0

# NAT IN
$cmd 100 divert natd ip from any to any in via $oif
$cmd 101 check-state

# OUT
$cmd 200 $skip icmp from any to any out via $oif $ks
$cmd 210 $skip udp from any to any 53 out via $oif $ks
$cmd 220 $skip tcp from any to any 80 out via $oif setup $ks
$cmd 230 $skip tcp from any to any 443 out via $oif setup $ks
$cmd 240 $skip all from me to any out via $oif setup $ks

# IN
$cmd 300 allow tcp from any to me 22 in via $oif setup $ks	

$cmd 700 deny ip from any to any

# NAT OUT
$cmd 800 divert natd ip from any to any out via $oif
$cmd 801 allow ip from any to any

$cmd 900 deny all from any to any

You need to write a rule that will redirect requests from the network 10.1.1.0/24 on ports 80, 443 to the address 192.168.1.2 on ports 80, 443, respectively. How to do it?

2 answer(s)
Nikolai, 2016-06-24
@rad1us

/etc/natd.conf
redirect_port tcp 192.168.1.2:80 80
redirect_port tcp 192.168.1.2:443 443
In general, it is strange to use natd in 2016, unless it has been running in this form for 10 years and no one has touched it.
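
An added example, not part of the original answer or thread: with the asker's ruleset, natd rewrites the destination at rule 100, so the redirected packets are addressed to 192.168.1.2 and fall through to the deny at rule 700 unless a filter rule admits them. The script below prints the natd.conf lines together with one matching ipfw rule limited to 10.1.1.0/24; the rule number 310 and the function names are assumptions.

```shell
#!/bin/sh
# Added example (constructed): keeps natd.conf and the ipfw filter in sync.
# Rule number 310 and all function names are assumptions, not from the thread.
oif="em0"                 # external interface (from the question)
target="192.168.1.2"      # internal web server (from the question)
clients="10.1.1.0/24"     # only this network may use the forward
ports="80 443"

# Reject anything that is not a TCP port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Lines for /etc/natd.conf: one redirect_port entry per forwarded port.
natd_lines() {
    for p in $ports; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        echo "redirect_port tcp ${target}:${p} ${p}"
    done
}

# The filter must match the translated destination, not "me".
# skipto 800 (not allow) keeps replies on the path through
# "divert natd ... out"; an allow state would pass them at check-state
# and they would leave em0 with the untranslated source 192.168.1.2.
ipfw_rule() {
    list=""
    for p in $ports; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        list="${list:+$list,}$p"
    done
    echo "add 310 skipto 800 tcp from $clients to $target $list in via $oif setup keep-state"
}

# Dry run: print what would be configured, change nothing.
natd_lines && echo "ipfw -q $(ipfw_rule)"
```

natd only reads these entries if it is started with the file, for example via `natd_flags="-f /etc/natd.conf"` in rc.conf.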

lexa322, 2016-06-24
@lexa322

You can use rinetd. And it is better to use kernel NAT and do port forwarding.
