Some questions about in-kernel NAT
Freddie Cash
fjwcash at gmail.com
Wed Mar 8 17:04:01 UTC 2017
On Wed, Mar 8, 2017 at 7:52 AM, Andrea Venturoli <ml at netfence.it> wrote:
> Hello.
>
> I'm using "ipfw nat" on several 10.3 boxes, but I have some questions.
>
> Let's start with a simple one: how do I list configured NATs and their
> details?
> I know I can configure a NAT with "ipfw nat 1 config ...", but how do I
> show what I did?
>
It's listed in the EXAMPLES section of the ipfw(8) man page.

    ipfw nat show config       <-- view config for all nat instances
    ipfw nat 123 show config   <-- view config for nat 123
    ipfw nat 111-999 show      <-- view logs for nat 111-999

> Let's get to my problem now:
> _ at boot, my re0 interface is configured with IP 192.168.0.1, along with
> an alias (192.168.0.2);
> _ my ipfw rules get loaded, issuing a "nat 2 config ip 192.168.0.1"
> command;
> _ after that ezjail is started, featuring a jail on 192.168.0.3.
> From this point on, my aliased packets go out with 192.168.0.3 as source
> address. I have to manually run "ipfw nat 2 config ip 192.168.0.1" again,
> in order to have them correctly going with the desired IP.
>
What's the ipfw command that's run at boot time? Sounds like it's
configured to use the interface address instead of a specific IP address.
--
Freddie Cash
fjwcash at gmail.com
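
An added example, not part of the original message and not code from ipfw: a shell check that reads `ipfw nat show config` output and reports whether each NAT instance is pinned to a fixed address (`ip`) or follows an interface (`if`), which is the distinction the reply asks about. The output line format, the function names and the sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: classify ipfw NAT instances by how the alias address is set.
# Assumption: each line printed by `ipfw nat show config` has the form
#   ipfw nat <id> config {ip <addr> | if <ifname>} [options...]

# Reads config lines on stdin, prints "<id> <mode> <value>" per instance.
classify_nat() {
    while read -r w1 w2 id w4 mode value rest; do
        # Skip anything that is not a NAT config line.
        [ "$w1" = "ipfw" ] && [ "$w2" = "nat" ] && [ "$w4" = "config" ] || continue
        case "$mode" in
            ip) echo "$id pinned $value" ;;
            if) echo "$id follows-interface $value" ;;
            *)  echo "$id unknown -" ;;
        esac
    done
}

# Prints the ids of instances that are not pinned to a fixed address.
# Returns 1 if any such instance exists, 0 otherwise.
unpinned_nat() {
    ids=$(classify_nat | awk '$2 != "pinned" { print $1 }')
    if [ -z "$ids" ]; then
        return 0
    fi
    echo "$ids"
    return 1
}

# Constructed sample input (not captured from a real host).
sample_config() {
    cat <<'EOF'
ipfw nat 1 config if re0 log same_ports
ipfw nat 2 config ip 192.168.0.1
EOF
}

# Offline demonstration on the constructed sample.
sample_config | classify_nat
```

On a live host, run `ipfw nat show config | classify_nat` once right after the rules load and again after the jails start, then compare the two reports.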