From: "Marin Bek"
To: freebsd-net@freebsd.org
Date: Sun, 31 Aug 2008 16:31:19 +0200
Subject: 7.0 ipfw nat confusion

Hello,

I've been using ipfw + natd successfully before, but now have problems using the implemented nat functionality, though I find it a great improvement.

Simply NAT-ing internal network to external is working flawlessly by just:

    ipfw nat 1 config if $extern
    ipfw add 100 nat 1 log ip from any to any

But when I add some redirect_port to the configuration, it doesn't work. External->internal translation fails (tcpdump unreachable...). The command is accepted, general NAT works fine, but ports are not forwarded.

So, I did the following:

    ipfw nat 1 config if $internal redirect_port tcp 192.168.5.2:5000 5000 redirect_port udp 192.168.5.2:5000 5000

where 192.168.5.X is the internal network, and $internal the NIC connected to this interface.

Starting a simple tcp/udp application on one of the internal clients (5.2) on port 5000, and testing it on that computer is successful. But when I attempt to connect to the service via 5.1 (the router internal IP) - no luck. tcpdump-ing gives

    "192.168.5.1 > 192.168.5.2: ICMP 192.168.5.1 udp port 5000 unreachable"

Am I missing something? Should I add some extra rules to the ipfw (it is set to allow_all)? Similar setup worked fine with natd+ipfw.

Thanks...