DNAT in freebsd

Ian Smith smithi at nimnet.asn.au
Sat Jul 6 13:02:47 UTC 2013

On Sat, 6 Jul 2013 18:37:55 +0700, Eugene Grosbein wrote:
 > On 06.07.2013 14:47, Sami Halabi wrote:
 > > Hi,
 > > Any hope?
 > Have you used intermediate "ipfw count log" rules between "ipfw nat" rules
 > I recommended? If yes, why have you not shown those logs yet?
 > Include tcpdump output from external and internal interfaces too.

Sami, this was very good advice.  I'll go further and say add _lots_ of 
'count log' rules before and after each nat rule, one each for packets 
you might expect from different sources of interest, and to different 
destinations expected from your nat mapping, and also the unexpected.

Then run some test packets, afterwards running 'ipfw -t show' so you 
(and we) can clearly see which packets went which way and when.  This 
may help debugging greatly; we need you to tell less, and show us more.

Julian also put some time into a well detailed plan, based of course on 
assumptions reached with not a lot to go on; you should try using that, 
and feeding back some very specific results.

cheers, Ian
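
The bracketing described in the message above, as an added example that is not part of the original post or thread: a small sh function that prints (does not run) 'count log' rules on both sides of an existing nat rule. The interface, addresses, port and rule numbers are constructed assumptions, not values from the thread.

```shell
#!/bin/sh
# Print 'count log' rules around an existing 'ipfw nat' rule so that
# 'ipfw -t show' reveals which packets reached it and how they left it.
# Constructed values, all assumptions: em0 is the external interface,
# 203.0.113.10 the public address, 192.168.1.10 port 80 the internal
# server, 500 the existing nat rule; numbers 460-540 are assumed free.
#
# Counters placed after the nat rule are only reached when
# net.inet.ip.fw.one_pass=0; syslog output from 'log' needs
# net.inet.ip.fw.verbose=1.

count_log_rules() {
    nat_rule=$1 ext_if=$2 pub=$3 int=$4 port=$5
    n=$((nat_rule - 40))        # four counters before, four after
    while read -r body; do
        echo "ipfw add $n count log $body"
        n=$((n + 10))
        # never reuse the nat rule's own number
        if [ "$n" -eq "$nat_rule" ]; then n=$((n + 10)); fi
    done <<EOF
tcp from any to $pub $port in via $ext_if // pre-nat in, to public addr, expected
tcp from any to $int $port in via $ext_if // pre-nat in, to internal addr, unexpected
tcp from $int $port to any out via $ext_if // pre-nat out, reply from internal addr, expected
ip from any to any via $ext_if // pre-nat, everything on $ext_if
tcp from any to $int $port in via $ext_if // post-nat in, rewritten to internal addr, expected
tcp from any to $pub $port in via $ext_if // post-nat in, still public addr, not translated
tcp from $pub $port to any out via $ext_if // post-nat out, reply from public addr, expected
tcp from $int $port to any out via $ext_if // post-nat out, reply still internal addr, not translated
EOF
}

# Review the printed commands, apply them, send a few test packets,
# then read the counters and last-match timestamps with: ipfw -t show
count_log_rules 500 em0 203.0.113.10 192.168.1.10 80
```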
