ipfw3

nans_nans1 at yahoo.de nans_nans1 at yahoo.de
Mon Jun 22 06:08:58 PDT 2015


Sorry, but this dont work.
My external nic is ue0 and my internal nic is em0.

I run 4.3 and a kernel with the following options:

options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE

What i do:
In /etc/rc.conf: gateway_enable="YES" 

Then:
kldload ipfw3_nat
ipfw3 nat 1 config if ue0
ipfw3 add nat 1 tcp via ue0

The result is that NAT don't work.

What is wrong with my configuration? Have i forgotten something?






--------------------------------------------
bycn82 <bycn82 at gmail.com> schrieb am Mo, 22.6.2015:

 Betreff: Re: ipfw3
 An: nans_nans1 at yahoo.de
 CC: "users at dragonflybsd.org" <users at dragonflybsd.org>
 Datum: Montag, 22. Juni, 2015 01:47 Uhr
 
 hi,
 sorry for
 lacking of documentation. 
 
 below are
 sample steps to use in-kernel NAT with ipfw3.
 Step1:  make
 sure the ipfw3_nat module was loaded
 dev03#kldstat | grep
 ipfw3_nat 5    1 0xffffffff83242000
 3000     ipfw3_nat.ko
 if the modules was not loaded,
 then below command to load the kernel module
 dev03#kldload
 ipfw3_nat
 
 Step2: prepare
 NAT config
 dev03#ipfw3 nat 1 config
 if em0ipfw nat
 1 config if em0
 which
 means it will do MASQUERADE using interface
 em0.
 Step3: NAT the
 traffic.  NAT is just ip translate. so both
 direction should go through the same NAT
 config.
 dev03#ipfw3
 add nat 1 tcp via em0
 
 this means both in and out traffic
 on interface em0 will be filtered/ translated by NAT config
 id 1.
 
 hope this helps, please try it and
 if you have any question, just let me know, and
 if you can help to come up with an tutorial by rephrasing
 this and append with your experience, that would be very
 helpful.
 http://www.dragonflybsd.org/docs/ipfw2/
 is an wiki, there is a "edit page"
 link. 
 regards,bycn82
 On 22 June 2015 at 02:31, 
 <nans_nans1 at yahoo.de>
 wrote:
 Can
 someone give me detailed/complete instructions how to
 realize simple working nat with ipfw3 (including rc.conf and
 configuration files).
 
 
 
 The informations on these sites turns out to be sadly sparse
 for me:
 
 https://www.dragonflybsd.org/docs/ipfw2/
 
 http://www.dragonflybsd.org/docs/ipfw2/modules/
 
 
 
 
 
 
 
 
 
 
 



More information about the Users mailing list