From owner-freebsd-net@freebsd.org  Mon Feb  8 13:27:26 2016
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 88DF8AA145F
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Mon,  8 Feb 2016 13:27:26 +0000 (UTC) (envelope-from free@oneex.me)
Received: from mail.oneex.me (mail.oneex.me [91.193.143.132])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 42423DBB
 for <freebsd-net@freebsd.org>; Mon,  8 Feb 2016 13:27:25 +0000 (UTC)
 (envelope-from free@oneex.me)
Received: from [192.168.0.110] (unknown [85.12.216.123])
 by mail.oneex.me (Postfix) with ESMTPSA id 1A2D1C3F5A;
 Mon,  8 Feb 2016 18:27:13 +0500 (YEKT)
Authentication-Results: mail.oneex.me; dmarc=fail header.from=oneex.me
Authentication-Results: mail.oneex.me; spf=pass smtp.mailfrom=free@oneex.me
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=oneex.me; s=mail;
 t=1454938033; bh=ellb7+Dd5lTQpB0h/n2RrASHuM+7TCSDJ1tuh0DQ5BM=;
 h=Subject:To:References:Cc:From:Date:In-Reply-To;
 b=XTpAZtGgXOQILwqk8Qz4w54Xv7AmUmjYvT3ZcXuVczd7SjEzBDM3vT8d4xcYBWpca
 sl8fbc5iUOzM5R+Ga62TME4CZyr6xkiIrf6HYw7741y8AJmGGGEZFx9RyWtOP4Dy0s
 3Lh0O3VoQ8IaKhQyegrt0Oqw+cr1oB5KlZw9zm/U=
Subject: Re: Problem with ipfw, in-kernel NAT and port redirection to jails
To: freebsd-net@freebsd.org
References: <A88A7FED-B5DD-4B1E-96A4-AE1F3EAB8E30@0x89.net>
 <56B5A77B.2010108@oneex.me> <66-1856806937.20160208133039@bf.pstu.ru>
Cc: Kiryanov Vassily <kvas@bf.pstu.ru>
From: Alexey Roslyakov <free@oneex.me>
Message-ID: <56B897B1.7090007@oneex.me>
Date: Mon, 8 Feb 2016 18:27:13 +0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <66-1856806937.20160208133039@bf.pstu.ru>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2016 13:27:26 -0000

08.02.2016 12:30, Kiryanov Vassily пишет:
> Hello Alexey,
>
> Thank you for this information, I have thoughts about using pf nat as
> an alternative way and your example will be useful for me.
>
> But Eugene Grosbein adviced me to turn off tso4 on network card
> underlaying my VLANs and it was enough to solve problem with port
> redirection. Without turning tso4 off ipfw + in-kernel NAT works
> fine but port redirection fails.
>

Thank you. It's my mistake - was confused by home gateway, where 
redirect_port worked perfectly (NIC without TSO support), and there is a 
notice in section BUGS of ipfw(8) about incompatible libalias and TSO.