DNAT in freebsd
Darren Pilgrim
list_freebsd at bluerosetech.com
Sun Jul 7 01:29:22 UTC 2013
On 7/3/2013 4:06 AM, Sami Halabi wrote:
> Hi Julian,
>
> I appreciate your willingness to help me.
>
> My Situation in short is:
>
> -----------  [a]  -------------------------  [b]  -------------
> internet B |--BGP--|84.xx.yy.1    192.168.0.1|-----|192.168.0.2/24
> 193.xx.yy.2|       |A em1   C em3      D em0 |     | neighbour
> -----------        -------------------------       --------------
>                              |
>                             [Q]
>                       your networks              private network
>
> I have control only over the middle machine, so I can't establish a tunnel.
> So I want it to act as a man in the middle / proxy.
> Every packet that comes from the private network to 192.168.0.1, i.e.:
> packet hdr: src: 192.168.0.2 dst: 192.168.0.1
> should be translated as:
> packet hdr: src: 84.xx.yy.1 dst: 193.xx.yy.2
> ports and data untouched.
>
> And every packet from 193.xx.yy.2 (incoming/setup...), i.e.:
> packet hdr: src: 193.xx.yy.2 dst: 84.xx.yy.1
> should be translated as:
> packet hdr: src: 192.168.0.1 dst: 192.168.0.2
>
> BTW: any other packet from a src other than 193.xx.yy.2 to dst 84.xx.yy.1
> should be dropped.
I believe this will work (pf.conf syntax; in the binat and rdr grammar
the tag/tagged keywords go before the "->", and binat is a 1:1 mapping
that never rewrites ports, so static-port does not apply to it):
# em1 (internet side): map the BGP peer to the box's private-side address
binat on em1 from 193.xx.yy.2 to 84.xx.yy.1 tag netA -> 192.168.0.1
# em0 (private side): map the neighbour to the box's public address
binat on em0 from 192.168.0.2 to 192.168.0.1 tag netB -> 84.xx.yy.1
# second stage, keyed on the tag set above
rdr from any to 84.xx.yy.1 tagged netA -> 192.168.0.2
rdr from any to 192.168.0.1 tagged netB -> 193.xx.yy.2
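As an added illustration (not from either list post, and not a claim that the pf rules above implement it), the following Python models the header rewrite Sami asked for: a 1:1 address swap in each direction with ports untouched, plus the drop rule for anything reaching 84.xx.yy.1 from a source other than the peer. The addresses are the thread's own placeholders kept as plain strings; the interface names em0/em1, the Packet type and the rewrite/round_trip functions are assumptions made for the example, and traffic that matches neither rule is assumed to pass unmodified.

```python
"""Model of the two-way 1:1 header rewrite described in the thread.

Added example, not code from the mailing-list posts.  Addresses are the
thread's placeholders ("84.xx.yy.1" etc.) and are kept as strings.
"""
from dataclasses import dataclass, replace
from typing import Optional

PEER = "193.xx.yy.2"        # BGP neighbour on the internet side (em1)
PUBLIC = "84.xx.yy.1"       # middle box, em1 address
PRIVATE_GW = "192.168.0.1"  # middle box, em0 address
NEIGHBOUR = "192.168.0.2"   # host on the private side


@dataclass(frozen=True)
class Packet:
    """Just the header fields the rewrite touches or must preserve."""
    src: str
    dst: str
    sport: int
    dport: int


def rewrite(pkt: Packet, ingress: str) -> Optional[Packet]:
    """Return the rewritten packet, or None if it must be dropped.

    ingress is the interface the packet arrived on: "em1" (internet side)
    or "em0" (private side).  Ports are never modified.
    """
    if ingress == "em1":
        # Drop rule from the thread: only the peer may address 84.xx.yy.1.
        if pkt.dst == PUBLIC and pkt.src != PEER:
            return None
        if pkt.src == PEER and pkt.dst == PUBLIC:
            # peer -> box becomes box -> neighbour on the private side
            return replace(pkt, src=PRIVATE_GW, dst=NEIGHBOUR)
        return pkt  # unrelated traffic passes unmodified (assumption)
    if ingress == "em0":
        if pkt.src == NEIGHBOUR and pkt.dst == PRIVATE_GW:
            # neighbour -> box becomes box -> peer on the internet side
            return replace(pkt, src=PUBLIC, dst=PEER)
        return pkt
    raise ValueError(f"unknown ingress interface {ingress!r}")


def round_trip(sport: int = 40000, dport: int = 179) -> bool:
    """Constructed check: a packet from the peer reaches the neighbour, and
    the neighbour's reply leaves looking like it came from 84.xx.yy.1."""
    inbound = rewrite(Packet(PEER, PUBLIC, sport, dport), "em1")
    if inbound is None:
        return False
    reply = rewrite(Packet(inbound.dst, inbound.src, dport, sport), "em0")
    return (inbound == Packet(PRIVATE_GW, NEIGHBOUR, sport, dport)
            and reply == Packet(PUBLIC, PEER, dport, sport))


if __name__ == "__main__":
    print("round trip ok:", round_trip())
    # Constructed stray packet: a non-peer source hitting the public address.
    print("stray dropped:", rewrite(Packet("198.51.100.7", PUBLIC, 1234, 179), "em1") is None)
```

The model keeps the two directions separate on purpose: only the internet-facing side carries the drop check, so a packet from the private side is never silently discarded by a rule meant for the peer, and the assertions on return values show that source and destination ports survive both rewrites.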