Date:      Fri, 18 Sep 2009 16:05:43 +0200
From:      Ruben de Groot <mail25@bzerk.org>
To:        Robert Huff <roberthuff@rcn.com>
Cc:        questions@freebsd.org
Subject:   Re: ipfw + NAT doesn't work
Message-ID:  <20090918140543.GA41585@ei.bzerk.org>
In-Reply-To: <19122.34200.621509.774171@jerusalem.litteratus.org>
References:  <19122.17463.670129.782291@jerusalem.litteratus.org> <20090917174501.GA34712@ei.bzerk.org> <19122.34200.621509.774171@jerusalem.litteratus.org>

On Thu, Sep 17, 2009 at 02:53:12PM -0400, Robert Huff typed:
> 
> Ruben de Groot writes:
> 
> >  > 	However: using these I still can't get through
> >  
> >  Through to what? You seem to be able to connect on a local subnet, but
> >  not to the internet through NAT, which you say is ok, because you
> >  shouldn't ?
> >
> >  Please explain exactly what you want to do.
> 
> 	1) With the firewall enabled, but no NAT-related rules, I can't
> get out.
> 	This is as expected.
> 	2) With the NAT rules added, I should be able to get out, but
> can't.
> 	Clear?

I think so. What's your outgoing IP? The rules you posted:

>ipfw add 5000 nat 15 all from any to any
>ipfw nat 15 config log same_ports ip 10.0.0.0/8
                                      ^^^^^^^^^^

Looks strange to me. Instead of 10.0.0.0/8, I believe you should use
a single IP that you want to translate to (i.e. your outgoing IP address).

Ruben
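
The following is an added example, not part of the original message or of ipfw itself: a small sh lint that finds the argument of the `ip` keyword in `ipfw nat N config` lines and flags anything that is not a single IPv4 address, which is the problem pointed out in the reply above. The function names are hypothetical, and 192.0.2.1 is a documentation placeholder standing in for the real outgoing address.

```shell
# Lint "ipfw nat N config" lines: "ip" should be followed by one address.

# is_single_ipv4 ADDR: succeed only for a dotted quad with no /prefix.
is_single_ipv4() {
    case "$1" in
        ""|*/*|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_ip_arg LINE: print the token after the "ip" keyword of an
# "ipfw nat N config ..." command; print nothing for other lines.
nat_ip_arg() {
    line=${1#">"}                 # tolerate a leading mail quote marker
    set -f; set -- $line; set +f  # split on whitespace, no globbing
    [ "$1" = ipfw ] && [ "$2" = nat ] && [ "$4" = config ] || return 0
    shift 4
    while [ "$#" -gt 1 ]; do
        if [ "$1" = ip ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
}

# check_nat_config: read ipfw commands on stdin, report each nat "ip"
# argument, return 1 if any of them is not a single IPv4 address.
check_nat_config() {
    status=0
    while IFS= read -r line; do
        arg=$(nat_ip_arg "$line")
        [ -n "$arg" ] || continue
        if is_single_ipv4 "$arg"; then echo "ok:  ip $arg"
        else echo "BAD: ip $arg is not a single address"; status=1
        fi
    done
    return "$status"
}

# Constructed input: the two rules quoted in the thread plus a corrected
# line; 192.0.2.1 is a documentation placeholder for the outgoing IP.
printf '%s\n' 'ipfw add 5000 nat 15 all from any to any' \
    'ipfw nat 15 config log same_ports ip 10.0.0.0/8' \
    'ipfw nat 15 config log same_ports ip 192.0.2.1' | check_nat_config || true
```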



