From owner-freebsd-net@FreeBSD.ORG  Mon Jul  1 11:16:01 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 7850C1F8;
 Mon,  1 Jul 2013 11:16:01 +0000 (UTC)
 (envelope-from sodynet1@gmail.com)
Received: from mail-pb0-x22b.google.com (mail-pb0-x22b.google.com
 [IPv6:2607:f8b0:400e:c01::22b])
 by mx1.freebsd.org (Postfix) with ESMTP id 4E6651301;
 Mon,  1 Jul 2013 11:16:01 +0000 (UTC)
Received: by mail-pb0-f43.google.com with SMTP id md12so4683061pbc.2
 for <multiple recipients>; Mon, 01 Jul 2013 04:16:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=eE8qwYEdLDvMe4xO9nO4WyjcS4FfxcjdscMIXDFR5D8=;
 b=P2UYW+XXynEbvgDSKSe9wCi5Yk4FN8ZXMuYWW0IP94PGPI5AYNKGZQIeMAmH1QYHEP
 axVn0NE5npIsTajNS6IfOWpG+j4zZSjg1fgGj6WUgKu9H/XksT97WAbs5e+y7dxY1QA/
 HR123HI2VLRr6aR0T/i+LXwedz3PHj9Zr4KybUXabeq3mYQ0Mmb5pzVMq6vS5pvGOlaJ
 zsLTYdCIADY+5yI8ta9uszg+1O+a5AOj5OnOqJMV08CpjG3WCnfp9wPqhPIJ+AKKIiJw
 fBXQCxpSJZf6EfPEbm1yWbTabdBSc94kqDzNxYmNCSoDKQFjGMQWfHS33pvu2sHW6UIz
 xxYw==
MIME-Version: 1.0
X-Received: by 10.68.171.99 with SMTP id at3mr2318015pbc.64.1372677360659;
 Mon, 01 Jul 2013 04:16:00 -0700 (PDT)
Received: by 10.70.71.7 with HTTP; Mon, 1 Jul 2013 04:16:00 -0700 (PDT)
In-Reply-To: <51D15D06.9030300@grosbein.net>
References: <CAEW+ogYp61U2zjicksYekSdfmLLZh5g9QM3GUg4n16ZbudVZtg@mail.gmail.com>
 <20130629002959.GB20376@nat.myhome>
 <CAEW+ogZ=a6LZavOtcb_egNWFQ8bJP0gzP6pc90tu1dcWC9K80A@mail.gmail.com>
 <51D006F6.6060809@grosbein.net>
 <CAEW+ogbx15KiayBHFJ7T1YVGQ2pwm1ArQaSrjUk6XUOBgVPggA@mail.gmail.com>
 <51D04FA8.8080900@grosbein.net>
 <CAEW+ogZQ1bHOBNvxkLqnFRrR_b4=e+Yx9wUjWC8YYr__QsBe3w@mail.gmail.com>
 <CAEW+ogZmd4Rz7OgTKV-k=tnSLgG0Y0-4XO+xuELznsgVo0XZ+A@mail.gmail.com>
 <51D14930.1060502@grosbein.net>
 <CAEW+ogYW9YWZr6TnzqZ+Hv_e_fFo-MKW1hTdWfw7w=qaCFw3Yg@mail.gmail.com>
 <51D15D06.9030300@grosbein.net>
Date: Mon, 1 Jul 2013 14:16:00 +0300
Message-ID: <CAEW+ogZB9m+5FLyB2NXFbp=uSpvCq6fn4SPVZe2W58yQ-S_z4w@mail.gmail.com>
Subject: Re: DNAT in freebsd
From: Sami Halabi <sodynet1@gmail.com>
To: Eugene Grosbein <eugen@grosbein.net>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.14
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>,
 freebsd-ipfw <freebsd-ipfw@freebsd.org>
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jul 2013 11:16:01 -0000

Hi,
I did ping 10.0.1.1 from 10.0.1.2, so packet is 10.0.1.2 ->10.0.1.1
> ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1
if I have 10.0.1.1 in em1 no translation is done!
if I delete it (and add a static arp entry in 10.0.1.2 for mac of 10.0.1.1)
rule 1000 translates well and I get packet from 11.0.3.1->10.0.1.1

> ipfw add 2000 nat 2 all from 11.0.3.1 to 10.0.1.1
no translation is done at all!

Sami

> ipfw add 3000 nat 2 all from 11.0.4.2 to 11.0.3.1
> ipfw add 4000 nat 1 all from 10.0.1.1 to 11.0.3.1
>
>
> ipfw nat 1 config same_ports ureg_only ip 11.0.3.1
> ipfw nat 1 config reverse same_ports ureg_only ip 11.0.4.2



On Mon, Jul 1, 2013 at 1:42 PM, Eugene Grosbein <eugen@grosbein.net> wrote:

> On 01.07.2013 17:05, Sami Halabi wrote:
> > Hi,
> > forgot to mention that but this sysctl is already set to 0.
> > i see in the logs packets pass 1000 rule.
>
> Use rules like 'ipfw add 1500 count log ip from any to any' to check
> intermediate results of translation.
>
>


-- 
Sami Halabi
Information Systems Engineer
NMS Projects Expert
FreeBSD SysAdmin Expert