<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">your rules are correct.</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">and you don't need to add the options in kernel config file, that belongs to IPFW</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">please provide output of below commands:</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">1. kldstat</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">2. ipfw3 show</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)">3. ipfw3 nat show config</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 22 June 2015 at 21:08, <span dir="ltr"><<a href="mailto:nans_nans1@yahoo.de" target="_blank">nans_nans1@yahoo.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Sorry, but this dont work.<br>
My external nic is ue0 and my internal nic is em0.<br>
<br>
I run 4.3 and a kernel with the following options:<br>
<br>
options IPFIREWALL<br>
options IPDIVERT<br>
options IPFIREWALL_DEFAULT_TO_ACCEPT<br>
options IPFIREWALL_VERBOSE<br>
<br>
What i do:<br>
In /etc/rc.conf: gateway_enable="YES"<br>
<br>
Then:<br>
kldload ipfw3_nat<br>
ipfw3 nat 1 config if ue0<br>
ipfw3 add nat 1 tcp via ue0<br>
<br>
The result is that NAT don't work.<br>
<br>
What is wrong with my configuration? Have i forgotten something?<br>
<br>
<br>
<br>
<br>
<br>
<br>
--------------------------------------------<br>
bycn82 <<a href="mailto:bycn82@gmail.com">bycn82@gmail.com</a>> schrieb am Mo, 22.6.2015:<br>
<br>
Betreff: Re: ipfw3<br>
An: <a href="mailto:nans_nans1@yahoo.de">nans_nans1@yahoo.de</a><br>
CC: "<a href="mailto:users@dragonflybsd.org">users@dragonflybsd.org</a>" <<a href="mailto:users@dragonflybsd.org">users@dragonflybsd.org</a>><br>
Datum: Montag, 22. Juni, 2015 01:47 Uhr<br>
<span class=""><br>
hi,<br>
sorry for<br>
lacking of documentation. <br>
<br>
below are<br>
sample steps to use in-kernel NAT with ipfw3.<br>
Step1: make<br>
sure the ipfw3_nat module was loaded<br>
dev03#kldstat | grep<br>
ipfw3_nat 5 1 0xffffffff83242000<br>
3000 ipfw3_nat.ko<br>
if the modules was not loaded,<br>
then below command to load the kernel module<br>
dev03#kldload<br>
ipfw3_nat<br>
<br>
Step2: prepare<br>
NAT config<br>
dev03#ipfw3 nat 1 config<br>
</span> if em0ipfw nat<br>
<div class="HOEnZb"><div class="h5"> 1 config if em0<br>
which<br>
means it will do MASQUERADE using interface<br>
em0.<br>
Step3: NAT the<br>
traffic. NAT is just ip translate. so both<br>
direction should go through the same NAT<br>
config.<br>
dev03#ipfw3<br>
add nat 1 tcp via em0<br>
<br>
this means both in and out traffic<br>
on interface em0 will be filtered/ translated by NAT config<br>
id 1.<br>
<br>
hope this helps, please try it and<br>
if you have any question, just let me know, and<br>
if you can help to come up with an tutorial by rephrasing<br>
this and append with your experience, that would be very<br>
helpful.<br>
<a href="http://www.dragonflybsd.org/docs/ipfw2/" rel="noreferrer" target="_blank">http://www.dragonflybsd.org/docs/ipfw2/</a><br>
is an wiki, there is a "edit page"<br>
link. <br>
regards,bycn82<br>
On 22 June 2015 at 02:31,<br>
<<a href="mailto:nans_nans1@yahoo.de">nans_nans1@yahoo.de</a>><br>
wrote:<br>
Can<br>
someone give me detailed/complete instructions how to<br>
realize simple working nat with ipfw3 (including rc.conf and<br>
configuration files).<br>
<br>
<br>
<br>
The informations on these sites turns out to be sadly sparse<br>
for me:<br>
<br>
<a href="https://www.dragonflybsd.org/docs/ipfw2/" rel="noreferrer" target="_blank">https://www.dragonflybsd.org/docs/ipfw2/</a><br>
<br>
<a href="http://www.dragonflybsd.org/docs/ipfw2/modules/" rel="noreferrer" target="_blank">http://www.dragonflybsd.org/docs/ipfw2/modules/</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</div></div></blockquote></div><br></div>