Redirection with natd flags on FreeBSD
I am trying to set up a basic NAT server. I want all traffic coming from the outside world to the NAT server to be redirected to another machine, where I have a lipcap service running to parse this traffic.
I tried -redirect_port and -redirect_address in the natd_flags part in rc.conf but nothing works... any thoughts?
freebsd nat
asked Dec 24 '13 at 11:52
nawar
2 Answers
Userspace natd needs ipfw enabled. IPFW catches packets and redirects them to natd, which translates the addresses. But nowadays you can use the kernel NAT embedded in ipfw.

Let's enable the IPFW engine:

    # /etc/rc.conf
    . . . . .
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_nat_enable="YES"
    firewall_script="/etc/rc.ipfw"
    . . . . .

And let's configure kernel redirection:

    # /etc/rc.ipfw
    . . . . .
    oip="1.2.3.4"      # Outer IP looking to the internet
    tip="10.0.0.100"   # Target host
    ipfw nat 1 config redirect_addr $tip $oip
    . . . . .

That's all.
answered Dec 24 '13 at 17:08
Kondybas
Thanks a lot. I tried this rule, and added several others after it to allow traditional traffic. It doesn’t work as I expected. Several things that I am not sure about. 1- Should this rule show up when I use 'ipfw list'? Because it doesn't for me. 2- The NAT machine acts as a gateway, so I want it to be able to do DNS and whatnot without redirection. Any thoughts?
– nawar
Dec 26 '13 at 8:27
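
A fuller /etc/rc.ipfw built around the answer's `ipfw nat 1 config` line, added here as an example (not code from either answer): it adds the rule that hands packets to the NAT instance, plus a check for the situation raised in the comment, where the instance does not appear in `ipfw list`. The interface em0, the rule numbers 100 and 65000, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the answer's own script. Assumed: em0 is the outside
# interface; rule numbers 100 and 65000 are arbitrary.
# Dry run by default (commands are printed); set fwcmd=/sbin/ipfw to load.
fwcmd="${fwcmd:-echo ipfw}"
oip="1.2.3.4"      # Outer IP looking to the internet (from the answer)
tip="10.0.0.100"   # Target host (from the answer)
oif="em0"          # Outside interface (assumed)

load_nat_rules() {
    $fwcmd -q -f flush
    # NAT instance from the answer. It is stored in the NAT table, not in
    # the rule list, so "ipfw list" never displays it.
    $fwcmd -q nat 1 config redirect_addr "$tip" "$oip"
    # A rule must hand packets to instance 1, or the config is never used.
    $fwcmd -q add 100 nat 1 ip from any to any via "$oif"
    # Placeholder policy; replace with your own filtering rules.
    $fwcmd -q add 65000 allow ip from any to any
}

# check_nat_wired LIST_OUTPUT NAT_CONFIG_OUTPUT
# Both halves must exist: a "nat 1" rule in the output of "ipfw list" and a
# redirect_addr entry in the output of "ipfw nat 1 show config".
# On the gateway:
#   check_nat_wired "$(ipfw list)" "$(ipfw nat 1 show config)"
check_nat_wired() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+ nat 1 ' || {
        echo "no rule sends packets to nat 1"; return 1; }
    printf '%s\n' "$2" | grep -q "redirect_addr $tip $oip" || {
        echo "nat 1 has no redirect_addr $tip $oip"; return 2; }
    echo "nat 1 is configured and referenced by a rule"
}

load_nat_rules
```
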
The PF firewall has NAT and redirection built right in. Add this to /etc/rc.conf:

    gateway_enable="YES"
    pf_enable="YES"

And configure the firewall. Add these lines to /etc/pf.conf:

    ext_if="em0"
    ext_addr="N.N.N.N"      # your external IP
    int_if="em1"
    int_net="10.0.0.0/8"
    int_addr="10.0.0.1"
    libcap_host="10.0.0.2"

    nat on $ext_if from $int_net to any -> $ext_addr
    rdr on $ext_if from any to $ext_addr -> $libcap_host

The NAT rule will do what you expect: send all traffic generated on your internet network to the world via the gateway's external IP. The rdr rule will route all incoming connections to your target host.
answered Jan 24 '15 at 7:31
Matt Simerson