nat and dynamic external address
Michael
mlmichael70 at gmail.com
Thu Aug 5 06:22:57 UTC 2010
Hello.
Am I right in thinking that the "if interface" and "reset" parameters should be
enough to handle a changing address (DHCP) on the external interface?
My rules:
ipfw -q nat 1 config reset if $if_ext log same_ports
ipfw -q add nat 1 udp from $jail_ip to $dns out xmit $if_ext jail $jail_jid
ipfw -q add nat 1 udp from $dns to me in recv $if_ext
They work fine only when $if_ext gets its IP address during system
boot-up.
If DHCP server is unavailable at the time of rules loading then ipfw says:
ipfw: cannot get interface name
(The same happens without "SYNDHCP" option for ipfw in rc.conf)
It loads all rules anyway. Now, after DHCP becomes available and $if_ext
gets its IP address, it turns out that NAT is still not working. I have
to manually reload the same ruleset.
Any ideas how to solve that problem?
Michael
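
Added example, not part of the original post: one way to automate the manual ruleset reload described above is a dhclient exit hook, which dhclient-script sources with $reason, $interface, $old_ip_address and $new_ip_address set. The interface name em0, the function names and the reload command are assumptions.

```sh
#!/bin/sh
# Added example, intended for /etc/dhclient-exit-hooks on the NAT host.
# Reloads the ipfw ruleset only when the external interface gains or
# changes its DHCP address, so an unchanged RENEW does not flush state.

# Assumptions (not from the post): interface name and reload command.
IF_EXT="${IF_EXT:-em0}"
RELOAD_CMD="${RELOAD_CMD:-/etc/rc.d/ipfw restart}"

# Return 0 when this DHCP event means $IF_EXT now holds an address that
# the already-loaded NAT instance may not have picked up.
# $1=reason  $2=interface  $3=old address  $4=new address
nat_needs_reload() {
    [ "$2" = "$IF_EXT" ] || return 1      # event is for another interface
    [ -n "$4" ] || return 1               # no address was assigned
    case "$1" in
        BOUND|REBOOT) return 0 ;;         # first lease, or lease re-acquired
        RENEW|REBIND) [ "$3" != "$4" ] ;; # reload only if the address changed
        *) return 1 ;;                    # EXPIRE, FAIL, TIMEOUT, PREINIT, ...
    esac
}

nat_dhcp_hook() {
    if nat_needs_reload "$@"; then
        # Leave an audit trail of every firewall reload triggered by DHCP.
        logger -t ipfw-nat "reload: $2 ${3:-none} -> $4 ($1)" 2>/dev/null || true
        $RELOAD_CMD
    fi
}

# dhclient-script exports these variables; all are empty when run by hand,
# in which case the hook does nothing.
nat_dhcp_hook "${reason:-}" "${interface:-}" \
              "${old_ip_address:-}" "${new_ip_address:-}"
```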