IPFW NAT with filtering
me at nileshgr.com
Sun Dec 7 09:19:51 UTC 2014
I'm trying to implement NAT using IPFW for jails. Each jail has an ip in
10.0.0.0/8 subnet, I want to NAT from that private range.
The server has multiple public IPs and some jails may have direct
assignment of public ip.
I'm using workstation in firewall_type and I tried this:
ipfw add 49 nat 123 from any to <wan ip> in
ipfw add 50 nat 123 from 10.0.0.0/8 to any out via <wan ip>
ipfw nat 123 config ip <wan ip>
Then there are rules inserted by rc.firewall
This doesn't work and I'm a bit clueless as to why it doesn't.
I should be able to restrict the outgoing traffic (i.e., limit the
outgoing ports to 22,80,443,etc -- preventing torrents / etc).
Where am I going wrong?
More information about the freebsd-questions