ipfw + NAT doesn't work

Ruben de Groot mail25 at bzerk.org
Thu Sep 17 17:45:07 UTC 2009

On Thu, Sep 17, 2009 at 10:14:15AM -0400, Robert Huff typed:
> 	I have a machine running
> FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58 EDT 2009 amd64 
> 	It has this in the config file for the running kernel:
> options  IPFIREWALL              #firewall
> options  IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
> options  IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
> options  IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
> options  IPFIREWALL_NAT          #ipfw kernel nat support
> options  LIBALIAS 
> 	It ( connects correctly to another machine (;
> I know because .3 mounts one of .1's disks using Samba.
> 	With the ipfw rules appended below, I can't NAT, nor should I
> be able to.  ("em0" faces the Internet; "em1" faces the other
> machine.)
> 	However: using these I still can't get through

Through to what? You seem to be able to connect on a local subnet, but
not to the internet through NAT, which you say is ok, because you shouldn't ?
Please explain exactly what you want to do.

> 	Have I forgotten something?  Or misunderstood something?
> 	If not ... how do I figure out what's wrong?

/var/log/security is a good place to start, as your config seems to log allmost
all denies.
BTW, CURRENT is a development branch.  Fine if you want to run it, but you
should do some basic debugging yourself before posting problems with it. And
then the -questions list is probably not the best place to find answers.


More information about the freebsd-questions mailing list