# IPFW redirect_port



## sterid (Feb 22, 2013)

Hi, 
I have a question on configure IPFW NAT and redirect_port from Public to Internal. I need to configure port forwarding from external network (de0 port 3389) in the internal (10.0.0.101:3389), with the internal network should not be able to walk on the outside (connect to internet or gateway).

Interfaces: 

```
de0 #external subnet (172.16.1.0/24)
de1 #internal subnet (10.0.0.0/24)
```

Rules:

```
ipfw add 50 check-state log
ipfw nat 1 config log ip 172.16.1.90 redirect_port tcp 10.0.0.101:3389 3389
ipfw add 100 nat 1 log tcp from any to me 3389 in via de0
ipfw add 101 nat 1 log tcp from any to 10.0.0.101 out via de1 keep-state
ipfw add 102 nat 1 log tcp from 10.0.0.101 3389 to any in via de1
```

This rules are working, but I think this is not secure. Because at any moment it is possible to use the Internet by specifying the source port of 3389 and it will be NATing to external.

Suggest a better configuration
tnx


----------

