IPFW NAT with filtering

Nilesh Govindrajan me at nileshgr.com
Sun Dec 7 09:19:51 UTC 2014


I'm trying to implement NAT using IPFW for jails. Each jail has an ip in subnet, I want to NAT from that private range.

The server has multiple public IPs and some jails may have direct
assignment of public ip.

I'm using workstation in firewall_type and I tried this:

ipfw add 49 nat 123 from any to <wan ip> in
ipfw add 50 nat 123 from to any out via <wan ip>
ipfw nat 123 config ip <wan ip>

Then there are rules inserted by rc.firewall

This doesn't work and I'm a bit clueless as to why it doesn't.

I should be able to restrict the outgoing traffic (i.e., limit the
outgoing ports to 22,80,443,etc -- preventing torrents / etc).

Where am I going wrong?

More information about the freebsd-questions mailing list