ipfw3

nans_nans1 at yahoo.de nans_nans1 at yahoo.de
Mon Jun 22 08:08:28 PDT 2015


OK. I tried it on another machine with 4.3 and without the options in the kernel config. The result is the same.

Some data:
Internal NIC: bnx0, 192.168.100.188/24
External NIC: bnx1, 192.168.10.229/24

rc.conf:
gateway_enable="YES"
defaultrouter="192.168.10.200"

Then:
kldload ipfw3_nat
ipfw3 nat 1 config if bnx1 
ipfw3 add nat 1 tcp via bnx1

The outputs:

kldstat:

kernel
acpi.ko
ehci.ko
xhci.ko
ipfw3_nat.ko
ipfw3_basic.ko
ipfw3.ko
libalias.ko

ipfw3 show:

00100   0   0   nat 1 tcp via bnx1
65535  699  51067  deny

ipfw3 nat show config:
ipfw nat 1 config if bnx1



Is something wrong?



--------------------------------------------
bycn82 <bycn82 at gmail.com> wrote on Mon, 22.6.2015:

 Subject: Re: ipfw3
 To: nans_nans1 at yahoo.de
 CC: "users at dragonflybsd.org" <users at dragonflybsd.org>
 Date: Monday, 22 June 2015, 15:33

 your rules are correct. and you don't need to add the options in kernel config file, that belongs to IPFW

 please provide output of below commands:
 1. kldstat
 2. ipfw3 show
 3. ipfw3 nat show config

 On 22 June 2015 at 21:08, <nans_nans1 at yahoo.de> wrote:
 Sorry, but this doesn't work.

 My external nic is ue0 and my internal nic is em0.

 I run 4.3 and a kernel with the following options:

 options IPFIREWALL
 options IPDIVERT
 options IPFIREWALL_DEFAULT_TO_ACCEPT
 options IPFIREWALL_VERBOSE

 What I do:

 In /etc/rc.conf: gateway_enable="YES"

 Then:

 kldload ipfw3_nat
 ipfw3 nat 1 config if ue0
 ipfw3 add nat 1 tcp via ue0

 The result is that NAT doesn't work.

 What is wrong with my configuration? Have I forgotten something?

 --------------------------------------------
 bycn82 <bycn82 at gmail.com> wrote on Mon, 22.6.2015:

  Subject: Re: ipfw3
  To: nans_nans1 at yahoo.de
  CC: "users at dragonflybsd.org" <users at dragonflybsd.org>
  Date: Monday, 22 June 2015, 01:47

  hi,

  sorry for the lack of documentation.

  below are sample steps to use in-kernel NAT with ipfw3.

  Step1: make sure the ipfw3_nat module was loaded

  dev03#kldstat | grep ipfw3_nat
   5    1 0xffffffff83242000 3000     ipfw3_nat.ko

  if the module was not loaded, then use the below command to load the kernel module

  dev03#kldload ipfw3_nat

  Step2: prepare NAT config

  dev03#ipfw3 nat 1 config if em0
  ipfw nat 1 config if em0

  which means it will do MASQUERADE using interface em0.

  Step3: NAT the traffic. NAT is just ip translate. so both directions should go through the same NAT config.

  dev03#ipfw3 add nat 1 tcp via em0

  this means both in and out traffic on interface em0 will be filtered/translated by NAT config id 1.

  hope this helps, please try it and if you have any question, just let me know, and if you can help to come up with a tutorial by rephrasing this and appending your experience, that would be very helpful.

  http://www.dragonflybsd.org/docs/ipfw2/ is a wiki, there is an "edit page" link.

  regards,
  bycn82

  On 22 June 2015 at 02:31, <nans_nans1 at yahoo.de> wrote:

  Can someone give me detailed/complete instructions on how to realize simple working NAT with ipfw3 (including rc.conf and configuration files)?

  The information on these sites turns out to be sadly sparse for me:

  https://www.dragonflybsd.org/docs/ipfw2/

  http://www.dragonflybsd.org/docs/ipfw2/modules/


