newbie IPFW user
Da Rock
freebsd-ipfw at herveybayaustralia.com.au
Sat Mar 10 13:28:23 UTC 2012
On 03/10/12 19:47, Julian Elischer wrote:
> On 3/9/12 6:39 AM, Da Rock wrote:
>> I'm relatively new to IPFW, not FBSD; the last time I used IPFW (I
>> believe) was using 4.3. I'm now attempting to use IPFW for some tests
>> (and hopefully move to production), and I'm trying to determine how I
>> would set up binat using IPFW; or even if it's possible at all.
>>
>> I've been hunting some more in depth documentation, but it appears to
>> be scarce/not definitive. I suspect using the modes in libalias such
>> as "use same ports" and "reverse" might be able to do what I'm
>> looking for?
>>
>> Any clarity much appreciated.
>
> well of course
> man ipfw is the basis..
>
> since you don't give any hints as to what you want to do that is not
> in /etc/rc.firewall,
> it is hard to know how to help you..
I think that is the fundamental problem: I defined what I was doing but
the terms are foreign, ergo the man doesn't show it either.

Binat is defined in pf, so I used the terminology thinking it would just
click. Apparently not :) Binat is 1:1 natting to and from a client
behind a firewall (according to pf), so binat nats traffic from the
client and from the external network. For all intents and purposes it
appears the client is actually on the external network, with the added
benefit that only the ports needed can be natted, and others can be
diverted elsewhere.

I'm using it for voip currently (and vpn on the same client): voip
requires 5060 remote _and_ connection ports, and needs to be forwarded
as is (excepting ip address) and not appear to be natted so as not to
confuse the client. VPN uses 500/4500 and requires an untouched packet
payload (ipsec).

Are there any sources for documentation on the advanced uses of ipfw? I
stumbled on just one that goes into more detail so far
http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO.