"Warrick FitzGerald" wrote in message ...
> Hi All,
>
> I'm setting up a firewall using FreeBSD and cannot seem to find anything
> in the FreeBSD handbook on proxy ARP.
>
> I am trying to set up DNAT, so that users on the outside can connect to a
> server on the inside of my network.
>
> If my outside interface is 5.5.5.5 and I want 5.5.5.6 to be DNAT'd back to
> a private host, I am unsure of the best method of getting my outside
> interface to reply to ARP requests for the 5.5.5.6 address.
>
> Should I add the 5.5.5.6 address to the interface, or is there another
> proxy ARP tool I should use?
>
> Thanks
> Warrick

You can either redirect by address or tcp/udp:

    redirect_address private public

You need to alias a public address for this.
Don't forget netmask 255.255.255.255

    redirect_port tcp private:http 5050
    redirect_port udp private:http 5050

(well-known service names can be used)

or

    redirect_port tcp private:http public:5050
    redirect_port udp private:http public:5050

There are two steps here.

1. your /etc/natd.conf rules (the above), or this can be done on the command line
2. your firewall rules (I find keep-state the best for this)

    ipfw add allow tcp from somewhere to 192.168.50.60 5631 setup keep-state
    ipfw add allow udp from somewhere to 192.168.50.60 5632 keep-state

(the above firewall rules would be for pcAnywhere)

I don't know about the ARP thing.
Cheers...btb