Some questions about in-kernel NAT
Andrea Venturoli
ml at netfence.it
Wed Mar 8 17:25:51 UTC 2017
On 03/08/17 18:03, Freddie Cash wrote:
> It's listed in the EXAMPLES section of the ipfw(8) man page.
>
> ipfw nat show config <-- view config for all nat instances
> ipfw nat 123 show config <-- view config for nat 123
> ipfw nat 111-999 show <-- view logs for nat 111-999
Oops!!!
Been working too much, lately.
Sorry for overlooking this section and posting some noise.
> Let's get to my problem now:
> _ at boot, my re0 interface is configured with IP 192.168.0.1, along
> with an alias (192.168.0.2);
> _ my ipfw rules get loaded, issuing a "nat 2 config ip 192.168.0.1"
> command;
> _ after that ezjail is started, featuring a jail on 192.168.0.3.
> From this point on, my aliased packets go out with 192.168.0.3 as
> source address. I have to manually run "ipfw nat 2 config ip
> 192.168.0.1" again, in order to have them correctly going with the
> desired IP.
>
>
> What's the ipfw command that's run at boot time? Sounds like it's
> configured to use the interface address instead of a specific IP address.
Yes and no: it uses both, i.e. "ipfw nat 2 config if re0 ip 192.168.0.1".
However, later only the interface is listed from the show command; i.e.:
> # ipfw nat 2 show config
> ipfw nat 2 config if re0
Guess I'll have to use the "ip", not "if" then.
bye & Thanks
av.
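
The check discussed in this message, as an added example that is not part of the original post: a filter over `ipfw nat show config` output that lists the nat instances configured with `if` and no `ip`, i.e. those whose source address follows the interface instead of a fixed IP. The function names and the sample lines are constructed for illustration; the `ip` line is assumed to have the same layout as the `if` line quoted above.

```shell
#!/bin/sh
# Added example: flag ipfw nat instances that are bound to an interface
# ("if re0") instead of a fixed address ("ip 192.168.0.1").

# Constructed sample of `ipfw nat show config` output. The "if" line
# matches the one quoted in the message; the others are assumptions.
sample_config() {
cat <<'EOF'
ipfw nat 1 config ip 192.168.0.1
ipfw nat 2 config if re0
ipfw nat 3 config if re0 same_ports
EOF
}

# Read `ipfw nat show config` output on stdin and print the id of every
# instance whose configuration names an interface but no fixed IP.
nat_bound_to_interface() {
    awk '$1 == "ipfw" && $2 == "nat" && $4 == "config" {
        has_if = 0; has_ip = 0
        for (i = 5; i <= NF; i++) {
            if ($i == "if") has_if = 1
            if ($i == "ip") has_ip = 1
        }
        if (has_if && !has_ip) print $3
    }'
}

# On a live FreeBSD host:  ipfw nat show config | nat_bound_to_interface
sample_config | nat_bound_to_interface
```

Running it after jails or aliases have been brought up shows which instances need to be re-issued with `ip` only.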