<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#000000">Hi James,</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#000000"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#000000">Thanks for pointing that issue out, it has been fixed.</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#000000"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#000000">Regards,</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#000000">Bill Yuan</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 15 Jun 2021 at 15:06, James Hobson &lt;<a href="mailto:James.Hobson@jotron.com">James.Hobson@jotron.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="auto" style="overflow-wrap: break-word;">
<div>Hello!<br>
<br>
I'm trying to test out the ipfw3 nat module and I can't seem to get anything to work! The example on the mailing list seems to be out of date (the nat command takes an ip now, not an interface)<br>
<br>
The setup is this:<br>
External nic: em0. IP: 192.168.0.178/24<br>
Internal nic: igb0. IP: 172.23.0.1/24<br>
Computer attached to internal nic: 172.23.0.2/24<br>
<br>
all IPs are static<br>
<br>
my script is as follows:<br>
---------------------------------------------------------<br>
#!/bin/sh<br>
<br>
<br>
INT="igb0"<br>
EXT="em0"<br>
<br>
<br>
if test -z "$(kldstat | grep ipfw3_nat.ko)"; then<br>
<span style="white-space:pre-wrap"></span>kldload ipfw3_nat<br>
fi<br>
<br>
if test -z "$(kldstat | grep ipfw3_layer4.ko)"; then<br>
<span style="white-space:pre-wrap"></span>kldload ipfw3_layer4<br>
fi<br>
<br>
ipfw3 flush<br>
<br>
ipfw3 add allow all via $INT<br>
<br>
ipfw3 nat 1 config ip 192.168.0.178<br>
ipfw3 add nat 1 all via $EXT<br>
ipfw3 nat 1 show state<br>
<br>
ipfw3 add deny all<br>
---------------------------------------------------------<br>
<br>
my rc.conf contains:<br>
---------------------------------------------------------<br>
ifconfig_em0="inet 192.168.0.178/24"<br>
ifconfig_igb0="inet 172.23.0.1/24"<br>
gateway_enable="YES"<br>
--------------------------------------------------------<br>
<br>
my sysctl.conf is:<br>
--------------------------------------------------------<br>
net.inet.ip.forwarding=1<br>
net.filters_default_to_accept=1<br>
--------------------------------------------------------<br>
<br>
But I cannot ping 8.8.8.8 from the computer attached to the internal nic!<br>
What am I doing wrong?<br>
<br>
James</div>
</div>
</blockquote></div>