Some questions about in-kernel NAT

Andrea Venturoli ml at netfence.it
Wed Mar 8 15:53:03 UTC 2017


Hello.

I'm using "ipfw nat" on several 10.3 boxes, but I have some questions.



Let's start with a simple one: how do I list configured NATs and their 
details?
I know I can configure a NAT with "ipfw nat 1 config ...", but how do I 
show what I did?



Second question:
_ if I issue "ipfw nat 2 config if re0", I'll see the output "ipfw nat 2 
config if re0";
_ if I issue "ipfw nat 2 config ip 192.168.0.1", I'll see the output 
"ipfw nat 2 config ip 192.168.0.1";
_ however if I issue "ipfw nat 2 config if re0 ip 192.168.0.1", output 
will be "ipfw nat 2 config if re0".
Does this mean the "ip" part was ignored? Are "if" and "ip" mutually 
exclusive?
I don't think this is mentioned in the man page...



Let's get to my problem now:
_ at boot, my re0 interface is configured with IP 192.168.0.1, along 
with an alias (192.168.0.2);
_ my ipfw rules get loaded, issuing a "nat 2 config ip 192.168.0.1" command;
_ after that ezjail is started, featuring a jail on 192.168.0.3.
From this point on, my aliased packets go out with 192.168.0.3 as the 
source address. I have to manually run "ipfw nat 2 config ip 
192.168.0.1" again in order to have them correctly go out with the 
desired IP.
How can I avoid this (and eliminate the need for manual intervention 
after each boot)?
Of course I could use some trick, like writing an rc.d script that runs 
after ezjail's, but I'd like to understand and solve (not work around) :)



TIA.

  bye
	av.


More information about the freebsd-net mailing list