7.0 ipfw nat confusion

Marin Bek marin.bek at gmail.com
Sun Aug 31 15:03:27 UTC 2008


Hello,

I've been using ipfw + natd successfully before, but now have problems
using the implemented nat functionality, though I find it a great
improvement.

Simply NAT-ing the internal network to the external one is working flawlessly by just:

ipfw nat 1 config if $extern
ipfw add 100 nat 1 log ip from any to any

But when I add some redirect_port to the configuration, it doesn't work.
External->internal translation fails (tcpdump unreachable...). The command is
accepted, general NAT works fine, but ports are not forwarded. So, I did the
following:

ipfw nat 1 config if $internal redirect_port tcp 192.168.5.2:5000 5000
redirect_port udp 192.168.5.2:5000 5000

where 192.168.5.X is the internal network, and $internal the NIC connected
to this interface. Starting a simple tcp/udp application on one of the
internal clients (5.2) on port 5000, and testing it on that computer is
successful. But when I attempt to connect to the service via 5.1 (the router
internal IP) - no luck.
tcpdump-ing gives "192.168.5.1 > 192.168.5.2: ICMP 192.168.5.1 udp port 5000
unreachable"

Am I missing something? Should I add some extra rules to the ipfw (it is set
to allow_all)?

Similar setup worked fine with natd+ipfw.

Thanks...


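A worked setup for the configuration discussed in the post above, as an added example that is not part of the original message and not FreeBSD's own rc scripts: in-kernel ipfw nat bound to the external interface, with redirect_port entries for a service on 192.168.5.2:5000, and a nat rule restricted to packets crossing that interface with `via`. The interface names em0/em1 and the port number are assumptions for illustration. Without an argument the script only prints the ipfw commands so the ruleset can be reviewed (or checked) offline; with `apply` it loads ipfw_nat if needed and runs them on the router.

```shell
#!/bin/sh
# Added example: in-kernel ipfw nat with redirect_port, bound to the
# EXTERNAL interface. Interface names, addresses and the port are
# assumptions for illustration, not values from the original post.

EXT="${EXT:-em0}"          # assumed external (WAN) interface
INT="${INT:-em1}"          # assumed internal (LAN) interface
SRV="192.168.5.2"          # internal host running the service
PORT="5000"                # service port to expose on the external address

# Emit the ruleset as text so it can be reviewed before it is applied.
# "redirect_port tcp $srv:$port $port" means: a packet arriving at the NAT
# alias address (the address of the interface named in "if", i.e. $ext)
# on tcp port $port is rewritten to $srv:$port; the udp line does the same
# for udp. The nat rule uses "via $ext" so only packets crossing the
# external interface are handed to the NAT instance; LAN-to-router traffic
# on $INT never reaches it. With the default net.inet.ip.fw.one_pass=1 the
# nat rule terminates rule processing for the packets it rewrites.
nat_rules() {
    ext=$1; srv=$2; port=$3
    cat <<EOF
ipfw -q -f flush
ipfw nat 1 config if $ext same_ports unreg_only redirect_port tcp $srv:$port $port redirect_port udp $srv:$port $port
ipfw add 100 check-state
ipfw add 200 nat 1 ip from any to any via $ext
ipfw add 300 allow ip from any to any
EOF
}

# Load the in-kernel NAT module when it is not already present, then
# apply the ruleset generated above.
apply_rules() {
    kldstat -q -m ipfw_nat || kldload ipfw_nat
    nat_rules "$EXT" "$SRV" "$PORT" | sh
}

# Show what the kernel now holds: the NAT instance and the rules that feed it.
show_state() {
    ipfw nat 1 show config
    ipfw -a list
}

case "$1" in
    apply) apply_rules && show_state ;;
    *)     nat_rules "$EXT" "$SRV" "$PORT" ;;
esac
```

To verify the redirect, connect from a host outside the router to the external address on port 5000 (for example `nc -v <external address> 5000` from the outside), not from the LAN to 192.168.5.1: the redirect only rewrites packets addressed to the NAT alias address that pass through the nat rule, and with the `via $ext` restriction a LAN-side connection to the router's internal address is never handed to the NAT instance, so it cannot demonstrate anything about the port forward.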