DNAT in freebsd
smithi at nimnet.asn.au
Sat Jul 6 13:02:47 UTC 2013
On Sat, 6 Jul 2013 18:37:55 +0700, Eugene Grosbein wrote:
> On 06.07.2013 14:47, Sami Halabi wrote:
> > Hi,
> > Any hope?
> Have you used intermediate "ipfw count log" rules between "ipfw nat" rules
> I recommended? If yes, why have you not shown those logs yet?
> Include tcpdump output from external and internal interfaces too.
Sami, this was very good advice. I'll go further and say add _lots_ of
'count log' rules before and after each nat rule, one each for packets
you might expect from different sources of interest, and to different
destinations expected from your nat mapping, and also the unexpected.
Then run some test packets, afterwards running 'ipfw -t show' so you
(and we) can clearly see which packets went which way and when. This
may help debugging greatly; we need you to tell less, and show us more.
Julian also put some time into a well detailed plan, based of course on
assumptions reached with not a lot to go on; you should try using that,
and feeding back some very specific results.
More information about the freebsd-net
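The bracketing suggested in this message, as an added example that is not part of the original post: a script that prints an ipfw rule set with 'count log' probes before and after each nat rule for one port redirect. The interface name, addresses (documentation and private ranges), port, nat instance and rule numbers are all constructed assumptions.

```shell
#!/bin/sh
# Added example: print ipfw commands that bracket a nat rule with
# 'count log' probes. Every value below is constructed for illustration.
EXT_IF="em0"            # assumed external interface
EXT_IP="203.0.113.10"   # assumed public address (documentation range)
INT_IP="192.168.1.10"   # assumed internal host behind the redirect
PORT="80"               # assumed redirected TCP port

# Commands are printed, not executed, so they can be reviewed first.
gen_rules() {
    n=1000
    emit() { echo "ipfw add $n $*"; n=$((n + 10)); }

    # Log matches, and let packets continue to the next rule after nat;
    # with one_pass=1 the probes placed after a nat rule never match.
    echo "sysctl net.inet.ip.fw.verbose=1"
    echo "sysctl net.inet.ip.fw.one_pass=0"
    echo "ipfw nat 1 config if $EXT_IF redirect_port tcp $INT_IP:$PORT $PORT"

    # Inbound, before nat: the request as it arrives from outside.
    emit "count log tcp from any to $EXT_IP $PORT in recv $EXT_IF"
    emit "count log tcp from any to $INT_IP $PORT in recv $EXT_IF"  # unexpected
    emit "nat 1 ip from any to any in recv $EXT_IF"
    # Inbound, after nat: destination should now be the internal host.
    emit "count log tcp from any to $INT_IP $PORT in recv $EXT_IF"
    emit "count log tcp from any to $EXT_IP $PORT in recv $EXT_IF"  # not rewritten

    # Outbound, before nat: the reply still has the internal source.
    emit "count log tcp from $INT_IP $PORT to any out xmit $EXT_IF"
    emit "nat 1 ip from any to any out xmit $EXT_IF"
    # Outbound, after nat: source should now be the public address.
    emit "count log tcp from $EXT_IP $PORT to any out xmit $EXT_IF"
    emit "count log tcp from $INT_IP $PORT to any out xmit $EXT_IF" # untranslated
    # The existing allow/deny rules must follow at higher rule numbers.
}

gen_rules
```

After sending test packets, 'ipfw -t show' lists each probe with its packet count and last-match time, which shows on which side of the nat rule the traffic stopped or kept the wrong address.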