# IPFW + natd + multiple IP (aliases)



## willyvmm (Apr 20, 2011)

Hello.

My config:

re0 ip: 1.0.0.1
+aliases: 1.0.0.2, 1.0.0.3, 1.0.0.4

Tap0 ip: 10.0.0.1

I'm running VirtualBox with guest system ip: 10.0.0.2.

Everything is working fine: NAT, port redirection etc. But every NATed packet leaves the host machine with source IP 1.0.0.1, and I would like to have 1.0.0.3 as the source. I've tried to use the

```
alias_address 1.0.0.3
```
option; it helped ... but the network on the host machine stopped working.

I guess I have to modify the IPFW rule

```
$IPF 49 divert natd all from any to any via re0
```
But I do not know how. I've read many manuals but I can't find any solution.

I think this is not important, but the host is 64-bit FreeBSD and the guest is 32-bit Linux (Debian).

Sorry for my bad English, I hope you can help me.

Best Regards, Marcin


----------



## phoenix (Apr 20, 2011)

Can you post your natd configuration and your ipfw rules?


----------



## willyvmm (Apr 20, 2011)

rc.conf

```
gateway_enable="YES"
natd_enable="YES"                   # Enable NATD function
natd_interface="re0"                # interface name of public Internet NIC
natd_flags="-f /etc/natd.conf"            #
```

natd.conf

```
#alias_address 178.x.y.166
same_ports yes
redirect_port tcp 10.0.0.2:22 178.x.y.166:4222
redirect_port tcp 10.0.0.2:54455 178.x.y.166:5455
redirect_port tcp 10.0.0.2:54432 178.x.y.166:5432
```

ipfw.rules

```
IPF="ipfw -q add"
ipfw -q -f flush

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag


# nat for vbox
$IPF 49 divert natd all from any to any via re0
#$IPF 401 pass all from any to any

# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

$IPF 90 allow all from 10.0.0.1/24 to any in via tap0 keep-state


# open port ftp (20,21), ssh (22), mail (25)
# http (80), dns (53) etc

#vnc for ccc
$IPF 120 allow tcp from any to 178.x.y.167 55987 in

#ssh
$IPF 130 allow tcp from any to 178.x.y.138 22 in
$IPF 140 allow tcp from any to 178.x.y.138 22 out

#http
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out

#https
$IPF 220 allow tcp from any to any 443 in
$IPF 230 allow tcp from any to any 443 out

#inetd - ident
$IPF 252 allow tcp from any to any 113 in
$IPF 253 allow tcp from any to any 113 out

#$IPF 254 allow tcp from any to any 6667 in
#$IPF 255 allow tcp from any to any 6667 out

# A few ports for VBox ;) redirected earlier and now opened
$IPF 300 allow all from any to 10.0.0.2 22 in
$IPF 301 allow all from any to 10.0.0.2 5455 in
$IPF 302 allow all from any to 10.0.0.2 5432 in


# deny and log everything
$IPF 500 deny log all from any to any

#############################  blocking

# load table1 with the sinokorea IPs
. /usr/local/sinokorea/sinokorea

# load the blacklist
. /usr/local/sinokorea/blacklist

# and block them, of course ;)
$IPF 1 drop ip from "table(1)" to any
$IPF 2 drop ip from "table(2)" to any
```

I obscured important data. I think that's all.
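The following is an added example, not code from either of willyvmm's posts. It addresses the symptom in the first post (setting `alias_address` breaks the host's own networking) using the configuration from the second: natd rewrites the source of every outbound packet the `divert` rule hands it to `alias_address`, the host's own packets included, unless `unregistered_only` is set. A rule of `divert natd all from any to any via re0` therefore feeds host traffic into natd as well. The script emits divert rules scoped to the tap network and the alias, and lints a natd.conf / ipfw rules pair for the broad-divert pitfall. Interface and address values (`re0`, `1.0.0.3`, `10.0.0.0/24`) are taken from the thread; the sample files written by `demo()` are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Scope the natd divert rule to the
# VirtualBox network so alias_address only rewrites guest traffic, and lint a
# natd.conf / ipfw rules pair for the pitfall described in the thread.
# Interface and address values come from the thread; the files written by
# demo() are constructed here.

EXT_IF="re0"             # public NIC
NAT_ALIAS="1.0.0.3"      # alias the guest traffic should leave with
GUEST_NET="10.0.0.0/24"  # tap0 network behind natd

# natd rewrites the source of every outbound packet it is handed to
# alias_address, the host's own packets included, unless unregistered_only is
# set. Diverting only guest traffic keeps host-originated packets away from
# natd altogether: outbound packets sourced from the tap network, and inbound
# packets addressed to the alias (the only address natd will have used).
gen_divert_rules() {
    printf 'ipfw -q add 48 divert natd ip from %s to any out via %s\n' "$GUEST_NET" "$EXT_IF"
    printf 'ipfw -q add 49 divert natd ip from any to %s in via %s\n' "$NAT_ALIAS" "$EXT_IF"
}

# lint_nat_config NATD_CONF IPFW_RULES
# Returns 0 when the pair looks safe and 1 when alias_address is set,
# unregistered_only is not, and the divert rule still matches "from any to any",
# i.e. natd will also rewrite the host's own traffic.
lint_nat_config() {
    natd_conf="$1"
    ipfw_rules="$2"
    # grep -c prints 0 and exits 1 on no match; "|| true" keeps set -e happy.
    alias_set=$(grep -Ec '^[[:space:]]*alias_address[[:space:]]' "$natd_conf" || true)
    unreg_only=$(grep -Ec '^[[:space:]]*unregistered_only[[:space:]]+yes' "$natd_conf" || true)
    broad_divert=$(grep -Ec 'divert[[:space:]]+natd[[:space:]]+(all|ip)[[:space:]]+from[[:space:]]+any[[:space:]]+to[[:space:]]+any' "$ipfw_rules" || true)
    if [ "$alias_set" -gt 0 ] && [ "$unreg_only" -eq 0 ] && [ "$broad_divert" -gt 0 ]; then
        return 1
    fi
    return 0
}

# Reproduce the two situations from the thread with constructed files.
demo() {
    dir=$(mktemp -d)
    # Situation 1: alias_address enabled, divert rule left as "from any to any".
    printf 'alias_address %s\nsame_ports yes\n' "$NAT_ALIAS" > "$dir/natd.conf"
    printf 'ipfw -q add 49 divert natd all from any to any via re0\n' > "$dir/ipfw.rules"
    if lint_nat_config "$dir/natd.conf" "$dir/ipfw.rules"; then
        echo "broad divert + alias_address: ok"
    else
        echo "broad divert + alias_address: host traffic will be rewritten too"
    fi
    # Situation 2: same natd.conf, divert rules scoped to the guest network.
    gen_divert_rules > "$dir/ipfw.rules"
    if lint_nat_config "$dir/natd.conf" "$dir/ipfw.rules"; then
        echo "scoped divert + alias_address: ok"
    fi
    rm -rf "$dir"
}

demo
```

The alternative that keeps the broad divert rule is `unregistered_only yes` in natd.conf, which tells natd to alias only packets with private (RFC 1918) source addresses; the lint treats that as safe too. Either way the `redirect_port` entries must point at the alias address that natd is actually using, as they already do in the posted natd.conf.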


----------



## isidrogr (Mar 8, 2012)

Hi, I'm new to Unix. Here is my issue: recently my ISP changed my public IP, but I have not located the file where the NAT or the redirection is configured. By means of the command "vi" I opened natd.conf, but it is empty. Is there another file? What am I doing wrong? What I want to see is something like this:

```
natd -use_sockets -same_ports -unregistered_only -port 8668 \
        -alias_address xxx.xxx.xxx.xxx \
        -redirect_port tcp 10.12.80.2:8001 8001 \
        -redirect_port tcp 10.12.80.14:5223 5223 \
        -redirect_port tcp 10.12.80.200:443 443 \
        -redirect_port tcp 10.12.80.200:8000 8000 \
        -redirect_port tcp 10.12.80.200:8443 8443 \
        -redirect_port tcp 10.12.80.3:80 280 \
        -redirect_port tcp 10.12.80.6:5222 5222 \
        -redirect_port tcp 10.12.80.200:500 500 && echo -n 'natd'
```
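An added example, not part of isidrogr's post: on FreeBSD, natd started by rc(8) takes its options from `natd_interface` and `natd_flags` in rc.conf, and when `natd_flags` contains `-f FILE` the remaining options (`alias_address`, `redirect_port`, ...) live in that file, as in the rc.conf posted earlier in this thread. A natd.conf that is empty while NAT still works therefore means the options are either in `natd_flags` itself, in a different `-f` file, or in a local startup script that runs a command line like the one shown. The script below resolves the first two cases; the rc.conf and natd.conf written by `demo()` are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the post above. Work out where natd gets its
# options on a FreeBSD host: rc.conf's natd_interface and natd_flags, plus the
# file named by "-f" inside natd_flags, if any. The files written by demo()
# are constructed for this demonstration.

# rcconf_value VAR FILE: print the double-quoted value of VAR in an
# rc.conf-style file; the last assignment wins, as it would for sh(1).
rcconf_value() {
    var="$1"
    file="$2"
    sed -n "s/^[[:space:]]*${var}=\"\([^\"]*\)\".*/\1/p" "$file" | tail -n 1
}

# natd_config_file FLAGS: print the path given to -f in a natd_flags string,
# or nothing when all options are inline.
natd_config_file() {
    printf '%s\n' "$1" | sed -n 's/.*-f[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p'
}

# show_natd_config RCCONF: print every place the effective natd configuration
# comes from, so a changed public IP can be traced to the line that sets it.
show_natd_config() {
    rcconf="$1"
    echo "natd_enable    = $(rcconf_value natd_enable "$rcconf")"
    echo "natd_interface = $(rcconf_value natd_interface "$rcconf")"
    flags=$(rcconf_value natd_flags "$rcconf")
    echo "natd_flags     = $flags"
    cfg=$(natd_config_file "$flags")
    if [ -n "$cfg" ]; then
        echo "--- $cfg ---"
        cat "$cfg"
    else
        echo "(no -f file: all natd options are in natd_flags)"
    fi
}

# Constructed sample mirroring the rc.conf posted earlier in the thread.
demo() {
    dir=$(mktemp -d)
    printf 'natd_enable="YES"\nnatd_interface="re0"\nnatd_flags="-f %s/natd.conf"\n' "$dir" > "$dir/rc.conf"
    printf 'same_ports yes\nredirect_port tcp 10.0.0.2:22 1.0.0.3:4222\n' > "$dir/natd.conf"
    show_natd_config "$dir/rc.conf"
    rm -rf "$dir"
}

demo
```

On a live host, run it against `/etc/rc.conf` (and `/etc/rc.conf.local` if present); the arguments of the natd process that is actually running can be compared with `ps -axww | grep natd`, which is the quickest way to spot a natd started from a script other than rc(8).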


----------

