help wanted with NAT under ipfw

Lee Dilkie Lee at
Fri Apr 30 11:31:18 UTC 2010

On 4/30/2010 4:58 AM, Robert Huff wrote:
> 	I have been trying to get NAT working under ipfw on:
> FreeBSD 9.0-CURRENT #0: Fri Apr 23 11:34:17 EDT 2010 amd64 
> 	and failing.
> 	The ipfw part works fine.  I'm using:
> ipfw_load="YES"
> ipfw_nat_load="YES"	# in-kernel ipfw nat
> libalias_load="YES"	# for in-kernel ipfw nat
> 	my ipfw rules are appended.
> 	However, the moment I do this:
> ipfw add 5000 nat 15 all from any to any
> ipfw nat 15 config log same_ports if em0
> 	the machine is cut off from the outside world.  Removing that
> rule makes things right again.  (Obviously checking whether NAT is
> happening is useless.)
> 	I've read the man page; I've read the Handbook.  Neither is
> helpful.
> 	What am I doing wrong?

Not an expert by any means, but I put the config line first and it
matches the same number as the nat rule.


ipfw nat 5000 config ...
ipfw add nat 5000 ipv4 from any to any via fxp0 (I specify the interface)

Not sure if that'll help.

