ipfw3 nat help

[James Hobson]

How do I get the fixed version?
Is this a classic rebuild from git head?

James

On 21 Jun 2021, at 17:38, Bill Yuan <bycn82 at gmail.com> wrote:


Hi James,

Thanks for pointing that issue out, it has been fixed.

Regards,
Bill Yuan

On Tue, 15 Jun 2021 at 15:06, James Hobson <James.Hobson at jotron.com<mailto:James.Hobson at jotron.com>> wrote:
Hello!

I'm trying to test out the ipfw3 nat module and I can't seem to get anything to work! The example on the mailing list seems to be out of date (the nat command takes an ip now, not an interface)

The setup is this:
External nic: em0. IP: 192.168.0.178/24<http://192.168.0.178/24>
Internal nic: igb0. IP: 172.23.0.1/24<http://172.23.0.1/24>
Computer attached to internal nic: 172.23.0.2/24<http://172.23.0.2/24>

all IPs are static

my script is as follows:
---------------------------------------------------------
#!/bin/sh


INT="igb0"
EXT="em0"


if test -z "$(kldstat | grep ipfw3_nat.ko)"; then
kldload ipfw3_layer4
fi

if test -z "$(kldstat | grep ipfw3_layer4.ko)"; then
kldload ipfw3_layer4
fi

ipfw3 flush

ipfw3 add allow all via $INT

ipfw3 nat 1 config ip 192.168.0.178
ipfw3 add nat 1 all via $EXT
ipfw3 nat 1 show state

ipfw3 add deny all
---------------------------------------------------------

my rc.conf contains:
---------------------------------------------------------
ifconfig_em0="inet 192.168.0.178/24<http://192.168.0.178/24>"
ifconfig_igb0="inet 172.23.0.1/24<http://172.23.0.1/24>"
gateway_enable=“YES"
--------------------------------------------------------

my sysctl.conf is:
--------------------------------------------------------
net.inet.ip.forwarding=1
net.filters_default_to_accept=1
--------------------------------------------------------

But I cannot ping 8.8.8.8 from the computer attached to the internal nic!
What am I going wrong?

James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20210701/9a6d47c1/attachment-0002.htm>