ipfw setfib+nat drops locally originated packets
Андрей Смагин
samspeed at mail.ru
Fri Dec 11 13:02:27 UTC 2009
ipfw drops packets originating on the local PC, but from another host everything works fine.
bridge0 172.17.1.200/16
tap1 192.168.6.2/24
ipfw nat 2 config ip 192.168.6.2 same_ports
route add default 172.17.1.200
setfib -F 2 route add default 192.168.6.1
ipfw add 10000 skipto 50206 ip from 172.17.0.0/16 to not 172.17.0.0/16
ipfw add 50205 nat 2 ip from any to 192.168.6.2
ipfw add 50206 setfib 2 ip from any to any
ipfw add 50207 nat 2 log ip from any to any
----------------------
from local machine:
PING internet (xxx.xxx.xxx.xx): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
tail /var/log/messages
kernel: ipfw: 50207 Nat ICMP:8.0 172.17.1.200 internet out via bridge0
-----------------------
From another host in the 172.17.0.0/16 network, all packets are routed correctly.