From: Ruben de Groot <mail25@bzerk.org>
Date: Fri, 18 Sep 2009 16:05:43 +0200
To: Robert Huff
Cc: questions@freebsd.org
Subject: Re: ipfw + NAT doesn't work
Message-ID: <20090918140543.GA41585@ei.bzerk.org>
In-Reply-To: <19122.34200.621509.774171@jerusalem.litteratus.org>
References: <19122.17463.670129.782291@jerusalem.litteratus.org> <20090917174501.GA34712@ei.bzerk.org> <19122.34200.621509.774171@jerusalem.litteratus.org>

On Thu, Sep 17, 2009 at 02:53:12PM -0400, Robert Huff typed:
>
> Ruben de Groot writes:
> >
> > > However: using these I still can't get through
> >
> > Through to what? You seem to be able to connect on a local subnet, but
> > not to the internet through NAT, which you say is ok, because you
> > shouldn't?
> >
> > Please explain exactly what you want to do.
>
> 1) With the firewall enabled, but no NAT-related rules, I can't
> get out.
> This is as expected.
> 2) With the NAT rules added, I should be able to get out, but
> can't.
> Clear?

I think so. What's your outgoing IP?

The rules you posted:

> ipfw add 5000 nat 15 all from any to any
> ipfw nat 15 config log same_ports ip 10.0.0.0/8
                                       ^^^^^^^^^^

Looks strange to me. Instead of 10.0.0.0/8 I believe you should use a single IP that you want to translate to (i.e. your outgoing IP address).

Ruben
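As an added example, not part of the thread, a small POSIX shell lint that flags the subnet in the posted `ipfw nat ... config` rule and shows the corrected single-address form next to it. The address 203.0.113.5 is a constructed placeholder for the real outgoing (public) IP.

```shell
#!/bin/sh
# Added example, not from the thread: check that the `ip` argument of an
# `ipfw nat <n> config ...` line is one host address, not a subnet.
# 203.0.113.5 below is a constructed placeholder for the outgoing address.

# Returns 0 when the `ip` argument is a single address (or when the line has
# no `ip` keyword at all, e.g. the `if <nic>` form), 1 when it carries a
# prefix length such as /8, which is what the reply above flags as wrong.
check_nat_ip() {
    line=$1
    # Token following the `ip` keyword; empty if the keyword is absent.
    addr=$(printf '%s\n' "$line" |
        sed -n 's/.*[[:space:]]ip[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p')
    [ -n "$addr" ] || return 0
    case $addr in
        */*) return 1 ;;   # CIDR prefix present: a subnet, not a translation address
        *)   return 0 ;;
    esac
}

# The rule as posted in the thread (whole 10/8 network in the ip argument):
POSTED='ipfw nat 15 config log same_ports ip 10.0.0.0/8'
# The corrected form: one translation address (placeholder public IP).
FIXED='ipfw nat 15 config log same_ports ip 203.0.113.5'

for rule in "$POSTED" "$FIXED"; do
    if check_nat_ip "$rule"; then
        echo "ok:  $rule"
    else
        echo "BAD: $rule  (ip must be one address, not a subnet)"
    fi
done
```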