IPFW/NATD: Client behind firewall connecting to server behind
firewall AS IF it were really EXTERNAL
Darren Pilgrim
dmp at pantherdragon.org
Wed Apr 16 17:20:44 PDT 2003
"C_Ahlers" <freebsd at code-space.com> wrote:
>Am I missing something?
>
>If I do:
>
>{...)
>ipfw add divert natd all from any to any via $oif
>ipfw add fwd b.b.b.100,80 tcp from b.b.b.0/24 to a.a.a.15 80 in via $iif
>(...)
>
>And say, client b.b.b.57 attempts to connect to a.a.a.15:80 - the
>forward rule will send out AS IS to b.b.b.100:80 on the internal
>interface
>
>1) No NAT will occur because NAT is set up only on external interface

Correct.

>2) The packet's dest ipaddr is not changed: it is still a.a.a.15, and
>will not be routed to anything on b.b.b.0/24

The forwarding behaviour is explained in ipfw(8).

>Do I need to NAT on $iif as well?

Probably, unless you don't need the webserver to answer from the address the
client expects it to.
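
The following is an added example, not part of either poster's message: a simplified Python model of one request and reply that shows why `fwd` alone fails here and why translating on the internal interface fixes it. The router's internal address `b.b.b.1`, the mode names, and the assumption that the server does not forward packets itself are hypothetical; the other addresses are the thread's placeholders.

```python
from dataclasses import dataclass, replace

# Placeholders from the thread; ROUTER_IN is an assumed internal router address.
PUBLIC, SERVER, CLIENT, ROUTER_IN = "a.a.a.15", "b.b.b.100", "b.b.b.57", "b.b.b.1"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def connect(mode, server_addrs=(SERVER,)):
    """Trace one request/reply for a LAN client connecting to the public address.

    mode "fwd":       only the next hop changes, the IP header is untouched
    mode "dnat":      destination rewritten to the server's internal address
    mode "dnat+snat": destination and source both rewritten on the internal side
    """
    req = Packet(CLIENT, PUBLIC)
    if mode in ("dnat", "dnat+snat"):
        req = replace(req, dst=SERVER)
    if mode == "dnat+snat":
        req = replace(req, src=ROUTER_IN)
    # The server accepts only packets addressed to one of its own addresses.
    if req.dst not in server_addrs:
        return "dropped by server: dst %s is not a local address" % req.dst
    reply = Packet(req.dst, req.src)
    if reply.dst == ROUTER_IN:
        # The reply returns through the router, which reverses both rewrites.
        reply = Packet(PUBLIC, CLIENT)
    # Otherwise the reply crosses the LAN directly and is never translated back.
    if reply.src != PUBLIC:
        return "rejected by client: reply from %s, expected %s" % (reply.src, PUBLIC)
    return "established"

if __name__ == "__main__":
    print("fwd only          :", connect("fwd"))
    print("fwd + server alias:", connect("fwd", server_addrs=(SERVER, PUBLIC)))
    print("dnat only         :", connect("dnat"))
    print("dnat + snat       :", connect("dnat+snat"))
```

The second case models a server that also holds a.a.a.15 as a local address, which is the situation in which an unmodified forwarded packet is accepted.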
More information about the freebsd-ipfw
mailing list