ipfw3

bycn82 bycn82 at gmail.com
Mon Jun 22 06:33:15 PDT 2015


Your rules are correct.
And you don't need to add the options in the kernel config file; those belong
to IPFW.

Please provide the output of the below commands:
1. kldstat
2. ipfw3 show
3. ipfw3 nat show config

On 22 June 2015 at 21:08, <nans_nans1 at yahoo.de> wrote:

> Sorry, but this doesn't work.
> My external nic is ue0 and my internal nic is em0.
>
> I run 4.3 and a kernel with the following options:
>
> options IPFIREWALL
> options IPDIVERT
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_VERBOSE
>
> What I do:
> In /etc/rc.conf: gateway_enable="YES"
>
> Then:
> kldload ipfw3_nat
> ipfw3 nat 1 config if ue0
> ipfw3 add nat 1 tcp via ue0
>
> The result is that NAT doesn't work.
>
> What is wrong with my configuration? Have I forgotten something?
>
> --------------------------------------------
> bycn82 <bycn82 at gmail.com> wrote on Mon, 22.6.2015:
>
>  Subject: Re: ipfw3
>  To: nans_nans1 at yahoo.de
>  CC: "users at dragonflybsd.org" <users at dragonflybsd.org>
>  Date: Monday, 22 June 2015, 01:47
>
>  hi,
>  sorry for the lack of documentation.
>
>  below are sample steps to use in-kernel NAT with ipfw3.
>
>  Step1: make sure the ipfw3_nat module was loaded
>  dev03#kldstat | grep ipfw3_nat
>   5    1 0xffffffff83242000 3000     ipfw3_nat.ko
>  if the module was not loaded, then use the below command to load the kernel module
>  dev03#kldload ipfw3_nat
>
>  Step2: prepare NAT config
>  dev03#ipfw3 nat 1 config if em0
>  ipfw nat 1 config if em0
>  which means it will do MASQUERADE using interface em0.
>
>  Step3: NAT the traffic. NAT is just IP translation, so both directions should go through the same NAT config.
>  dev03#ipfw3 add nat 1 tcp via em0
>
>  this means both in and out traffic on interface em0 will be filtered/translated by NAT config id 1.
>
>  hope this helps, please try it and if you have any questions, just let me know, and
>  if you can help to come up with a tutorial by rephrasing this and appending your experience, that would be very
>  helpful.
>  http://www.dragonflybsd.org/docs/ipfw2/ is a wiki; there is an "edit page" link.
>
>  regards,
>  bycn82
>  On 22 June 2015 at 02:31, <nans_nans1 at yahoo.de> wrote:
>  Can someone give me detailed/complete instructions on how to realize simple working NAT with ipfw3 (including rc.conf and configuration files)?
>
>  The information on these sites turns out to be sadly sparse for me:
>
>  https://www.dragonflybsd.org/docs/ipfw2/
>
>  http://www.dragonflybsd.org/docs/ipfw2/modules/