something is not working: ipfw fwd VIA nat TO tun on FreeBSD-11 stable r318266
Eugene Kazarinov
kamuzon at milshop.ru
Mon May 15 20:29:14 UTC 2017
Hello.
After the upgrade from 10.3 stable, something broke.
I have tun0:
tun0: flags=8151<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.10.0.6 --> 10.10.0.5 netmask 0xffffffff
        groups: tun
        Opened by PID 1111
In pf.conf I have the rule:
nat on tun0 inet from 192.168.10.0/24 to any -> 10.10.0.6
ipfw forwarding rule:
ipfw 1500 fwd 10.10.0.5 ip from 192.168.10.0/24 to any via em0
ipfw sh counts:
01500 1609 102098 fwd 10.10.0.5 ip from 192.168.10.0/24 to any via em0
So packets from network 192.168.10.0/24 are forwarded to tun0 and I see them there,
BUT
why do I see that they are not mapped?!:
# tcpdump -ni tun0
23:02:15.207682 IP 192.168.10.2 > 8.8.8.8: ICMP echo request, id 1, seq 2253, length 40
On the other side of tun0 there are no packets.
If I ping 10.10.0.1, then I see the right packets on both sides of tun0 (so tun0
is up and working):
23:03:15.989577 IP 10.10.0.6 > 10.10.0.1: ICMP echo request, id 25095, seq 0, length 64
23:03:15.992260 IP 10.10.0.1 > 10.10.0.6: ICMP echo reply, id 25095, seq 0, length 64
Why doesn't pf map packets which are forwarded via ipfw?
BTW, I tried ipnat.rules:
map tun0 from 192.168.10.0/24 to any -> 10.10.0.6/32
but ipnat doesn't map forwarded packets either. Why?
How to fix it?!