Equivalent of in_port and out_port with in-kernel nat?

Alexander V. Chernikov melifaro at FreeBSD.org
Tue Jul 10 12:12:48 UTC 2012


On 10.07.2012 03:18, Rolf Grossmann wrote:
> Hi,
>
> I've started switching my machines to in-kernel nat and I've run into a
> case where I need to tell the nat instance which packets to treat as
> incoming and which as outgoing. With natd I've been able to use divert
> with different ports and in_port and out_port options. The in-kernel nat
> however doesn't seem to have a method of specifying nat direction and
> instead always uses the information from the interface.
Not exactly.
If we're talking about ipfw nat, the situation is the following:

The ipfw nat module determines direction the following way:
if an outgoing interface exists (e.g. ipfw is called after the routing
decision is done, the "out" case), then inside->outside translation is
called (the LibAliasOut function); otherwise outside->inside is called
(LibAliasIn). This behavior can be reversed by specifying the 'reverse'
keyword in the nat configuration.

Alternatively, you can specify in/out explicitly by using ng_nat with 
ng_ipfw.


>
> My question is, am I missing something? Is there a patch I could try?
> Has the issue even come up before?
>
> Thanks, Rolf.


-- 
WBR, Alexander

