<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">hi,</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">sorry for lacking of documentation. </div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">below are sample steps to use in-kernel NAT with ipfw3.</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">Step1: make sure the ipfw3_nat module was loaded</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style><div class="gmail_default" style="color:rgb(0,0,0);font-family:verdana,sans-serif;font-size:small">dev03#kldstat | grep ipfw3_nat</div><div class="gmail_default" style="color:rgb(0,0,0);font-family:verdana,sans-serif;font-size:small"> 5 1 0xffffffff83242000 3000 ipfw3_nat.ko</div><div class="gmail_default" style="color:rgb(0,0,0);font-family:verdana,sans-serif;font-size:small"><br></div><div class="gmail_default" style="color:rgb(0,0,0);font-family:verdana,sans-serif;font-size:small">if the modules was not loaded, then below command to load the kernel module</div><div class="gmail_default" style="color:rgb(0,0,0);font-family:verdana,sans-serif;font-size:small"><br></div><div class="gmail_default" style><font color="#000000" face="verdana, sans-serif">dev03#kldload ipfw3_nat</font><br></div><div class="gmail_default" style><font color="#000000" face="verdana, sans-serif"><br></font></div><div class="gmail_default" style><font color="#000000" face="verdana, sans-serif">Step2: prepare NAT config</font></div><div class="gmail_default" style><font color="#000000" face="verdana, sans-serif"><br></font></div><div class="gmail_default" style><div class="gmail_default">dev03#ipfw3 nat 1 config if em0</div><div class="gmail_default">ipfw nat 1 config if em0</div><div><br></div><div>which means it will do MASQUERADE using interface em0.</div><div><br></div><div>Step3: NAT the traffic. </div><div>NAT is just ip translate. so both direction should go through the same NAT config.</div><div><br></div><div>dev03#ipfw3 add nat 1 tcp via em0<br></div><div><br></div><div>this means both in and out traffic on interface em0 will be filtered/ translated by NAT config id 1.</div><div><br></div><div><br></div><div>hope this helps, please try it and if you have any question, just let me know, </div><div>and if you can help to come up with an tutorial by rephrasing this and append with your experience, that would be very helpful.</div><div><br></div><div><a href="http://www.dragonflybsd.org/docs/ipfw2/">http://www.dragonflybsd.org/docs/ipfw2/</a> is an wiki, there is a "edit page" link. </div></div></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">regards,</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">bycn82</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 22 June 2015 at 02:31, <span dir="ltr"><<a href="mailto:nans_nans1@yahoo.de" target="_blank">nans_nans1@yahoo.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Can someone give me detailed/complete instructions how to realize simple working nat with ipfw3 (including rc.conf and configuration files).<br>
<br>
The informations on these sites turns out to be sadly sparse for me:<br>
<a href="https://www.dragonflybsd.org/docs/ipfw2/" rel="noreferrer" target="_blank">https://www.dragonflybsd.org/docs/ipfw2/</a><br>
<a href="http://www.dragonflybsd.org/docs/ipfw2/modules/" rel="noreferrer" target="_blank">http://www.dragonflybsd.org/docs/ipfw2/modules/</a><br>
<br>
<br>
<br>
<br>
</blockquote></div><br></div>