ipfw3 nat help

Bill Yuan bycn82 at gmail.com
Mon Jun 21 08:38:17 PDT 2021


Hi James,

Thanks for pointing that issue out, it has been fixed.

Regards,
Bill Yuan

On Tue, 15 Jun 2021 at 15:06, James Hobson <James.Hobson at jotron.com> wrote:

> Hello!
>
> I'm trying to test out the ipfw3 nat module and I can't seem to get
> anything to work! The example on the mailing list seems to be out of date
> (the nat command takes an ip now, not an interface)
>
> The setup is this:
> External nic: em0. IP: 192.168.0.178/24
> Internal nic: igb0. IP: 172.23.0.1/24
> Computer attached to internal nic: 172.23.0.2/24
>
> all IPs are static
>
> my script is as follows:
> ---------------------------------------------------------
> #!/bin/sh
>
>
> INT="igb0"
> EXT="em0"
>
>
> if test -z "$(kldstat | grep ipfw3_nat.ko)"; then
> kldload ipfw3_layer4
> fi
>
> if test -z "$(kldstat | grep ipfw3_layer4.ko)"; then
> kldload ipfw3_layer4
> fi
>
> ipfw3 flush
>
> ipfw3 add allow all via $INT
>
> ipfw3 nat 1 config ip 192.168.0.178
> ipfw3 add nat 1 all via $EXT
> ipfw3 nat 1 show state
>
> ipfw3 add deny all
> ---------------------------------------------------------
>
> my rc.conf contains:
> ---------------------------------------------------------
> ifconfig_em0="inet 192.168.0.178/24"
> ifconfig_igb0="inet 172.23.0.1/24"
> gateway_enable="YES"
> --------------------------------------------------------
>
> my sysctl.conf is:
> --------------------------------------------------------
> net.inet.ip.forwarding=1
> net.filters_default_to_accept=1
> --------------------------------------------------------
>
> But I cannot ping 8.8.8.8 from the computer attached to the internal nic!
> What am I doing wrong?
>
> James
>
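A pre-flight check for the two modules the script above depends on, as an added example that is not part of either message: it passes to kldload the same name it looked for in kldstat, and it matches the Name column exactly rather than with a grep pattern. The kldstat listing is constructed sample input, and the `--apply` switch is a hypothetical convention of this example.

```shell
#!/bin/sh
# Added example: module names come from the script above; the kldstat
# sample below is constructed for illustration.

REQUIRED_MODULES="ipfw3_nat ipfw3_layer4"

# Print each required module whose .ko file is absent from the kldstat
# listing read on stdin. The Name column is the last field of each row.
missing_modules() {
    listing=$(cat)
    for mod in "$@"; do
        if ! printf '%s\n' "$listing" |
            awk -v want="$mod.ko" '$NF == want { found = 1 } END { exit !found }'
        then
            printf '%s\n' "$mod"
        fi
    done
}

# Load whatever is missing, then re-check so a failed kldload is reported
# before any ipfw3 rule is added.
ensure_modules() {
    for mod in $(kldstat | missing_modules "$@"); do
        kldload "$mod" || return 1
    done
    [ -z "$(kldstat | missing_modules "$@")" ]
}

# Constructed kldstat output: ipfw3_layer4 is loaded, ipfw3_nat is not.
SAMPLE_KLDSTAT='Id Refs Address            Size     Name
 1    5 0xffffffff80200000 1a2b3c4  kernel
 2    1 0xffffffff82000000 4000     ipfw3_layer4.ko'

# Only touch the kernel when run directly on the firewall host as root.
if [ "${1:-}" = "--apply" ]; then
    ensure_modules $REQUIRED_MODULES || { echo "module load failed" >&2; exit 1; }
fi
```
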