help wanted with NAT under ipfw
Dmitriy Demidov
dima_bsd at inbox.lv
Fri Apr 30 16:23:17 UTC 2010
On Friday 30 April 2010, Robert Huff wrote:
> I have been trying to get NAT working under ipfw on:
>
> FreeBSD 9.0-CURRENT #0: Fri Apr 23 11:34:17 EDT 2010 amd64
>
> and failing.
> The ipfw part works fine. I'm using:
>
> ipfw_load="YES"
> ipfw_nat_load="YES" # in-kernel ipfw nat
> libalias_load="YES" # for in-kernel ipfw nat
>
> my ipfw rules are appended.
> However, the moment I do this:
>
> ipfw add 5000 nat 15 all from any to any
> ipfw nat 15 config log same_ports if em0
>
> the machine is cut off from the outside world. Removing that
> rule makes things right again. (Obviously checking whether NAT is
> happening is useless.)
> I've read the man page; I've read the Handbook. Neither are
> helpful.
> What am I doing wrong?
>
> Respectfully,
>
>
> Robert Huff
Hi,
This could happen because of an old annoying bug (or "feature"?) that sits
somewhere in the middle of libalias and the em driver:
http://www.freebsd.org/cgi/query-pr.cgi?pr=143939&cat=kern
Try turning off RXCSUM, TXCSUM on the em interface:
ifconfig em0 -rxcsum -txcsum -tso
Good luck.
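
An added example, not part of the original post: a small sh helper that reads FreeBSD `ifconfig` output for the NAT interface and builds the `ifconfig ... -rxcsum -txcsum -tso` command from the reply, covering only the offloads that are still enabled. The sample output, its addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Usage on a real host:  ifconfig em0 | offload_fix_cmd em0

# Constructed sample of `ifconfig em0` output (not taken from the thread).
sample_ifconfig() {
cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
    ether 00:00:5e:00:53:01
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
EOF
}

# Read ifconfig output on stdin; print the enabled capabilities that
# -rxcsum -txcsum -tso would clear, space-separated.
enabled_offloads() {
    # Take the list between < and > on the options= line, one flag per line.
    # The anchored grep keeps VLAN_HWCSUM from matching as a checksum flag.
    sed -n 's/^[[:space:]]*options=[0-9a-fA-F]*<\(.*\)>.*/\1/p' |
        tr ',' '\n' |
        grep -E '^(RXCSUM|TXCSUM|TSO4|TSO6)$' |
        tr '\n' ' ' | sed 's/ $//'
}

# Read ifconfig output on stdin; print the ifconfig command that disables
# only what is still enabled, or nothing if all of it is already off.
offload_fix_cmd() {
    ifname=$1
    args=
    for flag in $(enabled_offloads); do
        case $flag in
            RXCSUM) args="$args -rxcsum" ;;
            TXCSUM) args="$args -txcsum" ;;
            TSO4|TSO6)
                # -tso clears both TSO4 and TSO6, so emit it once.
                case $args in *-tso*) ;; *) args="$args -tso" ;; esac ;;
        esac
    done
    [ -n "$args" ] && echo "ifconfig $ifname$args"
    return 0
}

# Demo on the constructed sample.
sample_ifconfig | offload_fix_cmd em0
```

Run it again after applying the printed command: empty output means the three offloads are off on that interface.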