7.0 ipfw nat confusion
Marin Bek
marin.bek at gmail.com
Sun Aug 31 15:03:27 UTC 2008
Hello,
I've been using ipfw + natd successfully before, but now have problems
using the implemented nat functionality, though I find it a great
improvement.
Simply NAT-ing the internal network to external is working flawlessly with just:
ipfw nat 1 config if $extern
ipfw add 100 nat 1 log ip from any to any
But when I add some redirect_port to the configuration, it doesn't work.
External->internal translation fails (tcpdump unreachable...). Command is
accepted, general NAT works fine, but ports are not forwarded. So, I did the
following:
ipfw nat 1 config if $internal redirect_port tcp 192.168.5.2:5000 5000
redirect_port udp 192.168.5.2:5000 5000
where 192.168.5.X is the internal network, and $internal the NIC connected
to this interface. Starting a simple tcp/udp application on one of the
internal clients (5.2) on port 5000, and testing it on that computer is
successful. But when I attempt to connect to the service via 5.1 (the router
internal IP) - no luck.
tcpdump-ing gives "192.168.5.1 > 192.168.5.2: ICMP 192.168.5.1 udp port 5000
unreachable"
Am I missing something? Should I add some extra rules to the ipfw (it is set
to allow_all)?
Similar setup worked fine with natd+ipfw.
Thanks...