[Bug 211256] FreeBSD 11 ipfw nat tablearg

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Jul 20 21:30:45 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211256

            Bug ID: 211256
           Summary: FreeBSD 11 ipfw nat tablearg
           Product: Base System
           Version: 11.0-BETA1
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: standards
          Assignee: freebsd-standards at FreeBSD.org
          Reporter: chernov_victor at list.ru
                CC: freebsd-amd64 at FreeBSD.org
                CC: freebsd-amd64 at FreeBSD.org

Hi, sorry for my english, but there was a problem when testing FreeBSD 11 with
IPFW NAT. There rc.firewall configuration rules, which FreeBSD 10{0,1,2,3}
works without problems
rc.firewall
...
${fwcmd} nat 1 config log ip xx.yy.zz.254 reset same_ports deny_in unreg_only
${fwcmd} nat 2 config log ip xx.yy.zz.253 reset same_ports deny_in unreg_only
${fwcmd} nat 3 config log ip xx.yy.zz.252 reset same_ports deny_in unreg_only
${fwcmd} nat 4 config log ip xx.yy.zz.251 reset same_ports deny_in unreg_only
${fwcmd} nat 5 config log ip xx.yy.zz.250 reset same_ports deny_in unreg_only
...
${fwcmd} add 10000 nat tablearg ip4 from not me to table\(3\) in recv vlan0
...
${fwcmd} add 15000 nat tablearg ip4 from table\(4\) to not me out xmit vlan0
...
${fwcmd} table 3 add xx.yy.zz.254/32 1
${fwcmd} table 3 add xx.yy.zz.253/32 2
${fwcmd} table 3 add xx.yy.zz.252/32 3
${fwcmd} table 3 add xx.yy.zz.251/32 4
${fwcmd} table 3 add xx.yy.zz.250/32 5
...
${fwcmd} table 4 add 10.11.0.0/22 1
${fwcmd} table 4 add 10.11.4.0/22 2
${fwcmd} table 4 add 10.11.8.0/22 3
${fwcmd} table 4 add 10.11.12.0/22 4
${fwcmd} table 4 add 10.11.16.0/22 5

when viewing the rules in FreeBSD 10.3 command: ipfw list, result:
...
10000 nat tablearg ip4 from not me to table(3) in recv vlan0
...
15000 nat tablearg ip4 from table(4) to not me out xmit vlan0
...
but in freebsd 11 result:
...
10000 nat global ip4 from not me to table(3) in recv vlan0
...
15000 nat global ip4 from table(4) to not me out xmit vlan0

and IPFW NAT don't work

This is a BUG or a new mechanism of work IPFW NAT in FreeBSD 11?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the freebsd-amd64 mailing list