IPFW NAT with filtering

Nilesh Govindrajan me at nileshgr.com
Sun Dec 7 14:32:08 UTC 2014


On Sunday 07 December 2014 02:48 PM, Nilesh Govindrajan wrote:
> Hi,
>
> I'm trying to implement NAT using IPFW for jails. Each jail has an IP in
> the 10.0.0.0/8 subnet, and I want to NAT from that private range.
>
> The server has multiple public IPs and some jails may have direct
> assignment of a public IP.
>
> I'm using workstation in firewall_type and I tried this:
>
> ipfw add 49 nat 123 from any to <wan ip> in
> ipfw add 50 nat 123 from 10.0.0.0/8 to any out via <wan ip>
> ipfw nat 123 config ip <wan ip>
>
> Then there are rules inserted by rc.firewall
>
> This doesn't work and I'm a bit clueless as to why it doesn't.
>
> I should be able to restrict the outgoing traffic (i.e., limit the
> outgoing ports to 22, 80, 443, etc. -- preventing torrents, etc.).
>
> Where am I going wrong?
>
Never mind, figured it out.


