Re: I have some questions about natd and firewall....^_^|||
- From: Lowell Gilbert <freebsd-questions-local@xxxxxxxxxxxxxxx>
- Date: Wed, 31 May 2006 10:50:24 -0400
董佑龍 <ss650120@xxxxxxxxxxxxxx> writes:
Hello:
My English is not good. I am sorry about this first. ~_~
You made yourself clear. Better than "good enough."
My system: FreeBSD + IPFW + NAT
Question 1: about NAT (in FreeBSD)
I built a "natd.conf" and it's contents are below:
redirect_address 192.168.0.1 140.115.10.22
I have 2 computers in the LAN: 192.168.0.200 and
192.168.0.201.
The redirect rule (above) will affect any connection which
destination is 140.115.10.22.
But, I don't want this rule to redirect the packets sent
from 192.168.0.200.(ie. This rule will affect all nodes inside the LAN but
192.168.0.200) Can I make it?
Yes. What you do is make sure that packets from that address don't
get sent to the divert socket in your ipfw ruleset. For example, you
could use a "skipto" rule before the divert rule.
Question 2: about Firewall (in FreeBSD)
Is there any argument in IPFW just like the function of the
"redirect_address" in NAT can be used? If it is, I think it may can solve
the above problem.
Not exactly. You can use a "fwd" rule, but the destination IP address
won't be changed. The machine you forward to won't accept the packets
because its address isn't 140.115.10.22.
--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- References:
- Prev by Date: Re: Mounting to a second hard disk
- Next by Date: Re: pkg_upgrade?
- Previous by thread: I have some questions about natd and firewall....^_^|||
- Next by thread: Apache not building its own modules (e.g. mod_alias)
- Index(es):
Relevant Pages
|
|
