ip_port-forwarding BACK .. IP- und Port-Forwarding ======================= > cd /usr/src/sys/i386/conf/ > cp GENERIC MYKERNEL > vi MYKERNEL options IPFIREWALL options IPFIREWALL_VERBOSE # Optional options IPFIREWALL_DEFAULT_TO_ACCEPT # Optional options IPDIVERT options RANDOM_IP_ID # Optional options IPSTEALTH # Optional #options DUMMYNET # Optional #options BRIDGE # Optional > cd /usr/src > make buildkernel KERNCONF=MYKERNEL ... > make installkernel KERNCONF=MYKERNEL > reboot > vi /etc/rc.conf firewall_enable="YES" firewall_type="OPEN" natd_enable="YES" natd_interface="xl0" natd_flags="-u -f /etc/natd.conf" tcp_drop_synfin="YES" # Optional icmp_drop_redirect="YES" # Optional ifconfig_xl0="inet 198.213.17.133 netmask 255.255.255.240 media 100baseTX mediaopt full-duplex" ifconfig_xl1="inet 192.168.20.1/24 media 100baseTX mediaopt full-duplex" ifconfig_xl1_alias0="192.168.20.254/32" ifconfig_xl1_alias1="192.168.40.1/24" ifconfig_xl1_alias2="192.168.40.254/32" defaultrouter="198.213.17.142" gateway_enable="YES" > vi /etc/rc.firewall DIVDEV="xl0" /sbin/ipfw -f flush /sbin/ipfw add 00100 allow ip from any to any via lo0 /sbin/ipfw add 00200 deny ip from any to 127.0.0.0/8 /sbin/ipfw add 00300 deny ip from 127.0.0.0/8 to any /sbin/ipfw add 00400 divert natd all from any to any via ${DIVDEV} ... (weitere Regeln nach eigenem Wunsch) ... /sbin/ipfw add 10000 pass all from any to any > vi /etc/natd.conf ### man natd log yes # Optional (logt in der /var/log/alias.log) redirect_port tcp 192.168.20.2:80 8002 redirect_port tcp 192.168.40.2:80 9002 ... redirect_port tcp 192.168.20.253:80 8253 redirect_port tcp 192.168.40.253:80 9253 [IMG]