How to redirect traffic through ifpw FreeBSD?

There is a gateway on FreeBSD, two network interfaces(em0 10.1.1.1/24 external, em1 192.168.1.1/24 - internal), configured NAT.

ipfw is configured minimally, so far:

#!/bin/sh

cmd="ipfw -q add" 
oif="em0" 
iif="em1"
skip="skipto 800"
ks="keep-state"

ipfw -q-f flush

# LOCAL
$cmd 010 allow all from any to any via $iif
$cmd 011 allow all from any to any via lo0

# NAT IN
$cmd 100 divert socket natd ip from any to any in via $oif
$cmd 101 check-state

# OUT
$cmd 200 $skip icmp from any to any out via $oif $ks
$210 cmd $skip udp from any to any 53 out via $oif $ks
$220 cmd $skip tcp from any to any 80 out via $oif setup $ks
$230 cmd $skip tcp from any to any 443 out via $oif setup $ks
$cmd 240 $skip all from me to any out via $oif setup $ks

# IN
$cmd 300 allow tcp from any to me 22 in via $oif setup $ks 

$700 cmd deny ip from any to any

# NAT OUT
$cmd 800 divert socket natd ip from any to any out via $oif
$cmd 801 allow ip from any to any

$900 cmd deny all from any to any


You need to write a rule which will redirect requests from the network 10.1.1.0/24 to ports 80,443 to the address 192.168.1.2 on ports 80, 443 respectively. How to do it?
July 8th 19 at 12:12
2 answers
July 8th 19 at 12:14
Solution
/etc/natd.conf

redirect_port tcp 192.168.1.2:80 80
redirect_port tcp 192.168.1.2:443 443

And generally it is strange to use in 2016 natd, if only it was like this 10 years have not stood and nobody climbed.
so I tried not working. - Cecil23 commented on July 8th 19 at 12:17
: from the network 10.1.1.0/24 are traded on 10.1.1.1:80 10.1.1.1:443, respectively? - Laney_Stros commented on July 8th 19 at 12:20
Yes. - Cecil23 commented on July 8th 19 at 12:23
1.2 default gateway or a route through 1.1 10.1.1.0/24 is? - Laney_Stros commented on July 8th 19 at 12:26
Then there is only the firewall. Turn on log on deny rules, and see what there is. - Laney_Stros commented on July 8th 19 at 12:29
Yes, there is. - Cecil23 commented on July 8th 19 at 12:32
OK, I will dig further. Then I will unsubscribe, thanks - Cecil23 commented on July 8th 19 at 12:35
the problem was in the settings of the gateway in 1.2, they were, but something was not working and had to reset and it worked. - Cecil23 commented on July 8th 19 at 12:38
July 8th 19 at 12:16
You can use rinetd. And it is better to use nuclear to do NAT and port forwarding.

Find more questions by tags * nix-like systemsFreeBSDipfirewall