DNAT in freebsd
Sami Halabi
sodynet1 at gmail.com
Tue Jul 2 14:21:31 UTC 2013
Hi again,
So far no solution....
Is there really no alternative in FreeBSD?
Sami
On 1 Jul 2013 14:16, "Sami Halabi" <sodynet1 at gmail.com> wrote:
> Hi,
> I did ping 10.0.1.1 from 10.0.1.2, so the packet is 10.0.1.2 -> 10.0.1.1
> > ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1
> If I have 10.0.1.1 in em1, no translation is done!
> If I delete it (and add a static arp entry in 10.0.1.2 for the mac of
> 10.0.1.1),
> rule 1000 translates well and I get the packet from 11.0.3.1 -> 10.0.1.1
>
> > ipfw add 2000 nat 2 all from 11.0.3.1 to 10.0.1.1
> No translation is done at all!
>
> Sami
>
> > ipfw add 3000 nat 2 all from 11.0.4.2 to 11.0.3.1
> > ipfw add 4000 nat 1 all from 10.0.1.1 to 11.0.3.1
> >
> >
> > ipfw nat 1 config same_ports ureg_only ip 11.0.3.1
> > ipfw nat 1 config reverse same_ports ureg_only ip 11.0.4.2
>
>
>
> On Mon, Jul 1, 2013 at 1:42 PM, Eugene Grosbein <eugen at grosbein.net> wrote:
>
>> On 01.07.2013 17:05, Sami Halabi wrote:
>> > Hi,
>> > Forgot to mention that, but this sysctl is already set to 0.
>> > I see in the logs packets pass 1000 rule.
>>
>> Use rules like 'ipfw add 1500 count log ip from any to any' to check
>> intermediate results of translation.
>>
>>
>
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
>