ipfw3 nat help

Bill Yuan bycn82 at gmail.com
Fri Jul 2 08:53:47 PDT 2021 

Yes, already in the "git head".
You can "git pull" and "make kernel" to have the changes.

Regards,
Bill


On Thu, 1 Jul 2021 at 23:47, James Hobson <James.Hobson at jotron.com> wrote:

> How do I get the fixed version?
> Is this a classic rebuild from git head?
>
> James
>
> On 21 Jun 2021, at 17:38, Bill Yuan <bycn82 at gmail.com> wrote:
>
> 
> Hi James,
>
> Thanks for pointing that issue out, it has been fixed.
>
> Regards,
> Bill Yuan
>
> On Tue, 15 Jun 2021 at 15:06, James Hobson <James.Hobson at jotron.com>
> wrote:
>
>> Hello!
>>
>> I'm trying to test out the ipfw3 nat module and I can't seem to get
>> anything to work! The example on the mailing list seems to be out of date
>> (the nat command takes an ip now, not an interface)
>>
>> The setup is this:
>> External nic: em0. IP: 192.168.0.178/24
>> Internal nic: igb0. IP: 172.23.0.1/24
>> Computer attached to internal nic: 172.23.0.2/24
>>
>> all IPs are static
>>
>> my script is as follows:
>> ---------------------------------------------------------
>> #!/bin/sh
>>
>>
>> INT="igb0"
>> EXT="em0"
>>
>>
>> if test -z "$(kldstat | grep ipfw3_nat.ko)"; then
>> kldload ipfw3_layer4
>> fi
>>
>> if test -z "$(kldstat | grep ipfw3_layer4.ko)"; then
>> kldload ipfw3_layer4
>> fi
>>
>> ipfw3 flush
>>
>> ipfw3 add allow all via $INT
>>
>> ipfw3 nat 1 config ip 192.168.0.178
>> ipfw3 add nat 1 all via $EXT
>> ipfw3 nat 1 show state
>>
>> ipfw3 add deny all
>> ---------------------------------------------------------
>>
>> my rc.conf contains:
>> ---------------------------------------------------------
>> ifconfig_em0="inet 192.168.0.178/24"
>> ifconfig_igb0="inet 172.23.0.1/24"
>> gateway_enable=“YES"
>> --------------------------------------------------------
>>
>> my sysctl.conf is:
>> --------------------------------------------------------
>> net.inet.ip.forwarding=1
>> net.filters_default_to_accept=1
>> --------------------------------------------------------
>>
>> But I cannot ping 8.8.8.8 from the computer attached to the internal nic!
>> What am I going wrong?
>>
>> James
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20210702/d7435b90/attachment.htm>

More information about the Users mailing list