From owner-freebsd-net@freebsd.org  Mon Feb  8 15:11:48 2016
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D9BCAA1021
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Mon,  8 Feb 2016 15:11:48 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "vps1.elischer.org",
 Issuer "CA Cert Signing Authority" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1C5C51CFF
 for <freebsd-net@freebsd.org>; Mon,  8 Feb 2016 15:11:47 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from Julian-MBP3.local
 (ppp121-45-229-231.lns20.per1.internode.on.net [121.45.229.231])
 (authenticated bits=0)
 by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id u18F6QYw039853
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
 Mon, 8 Feb 2016 07:06:33 -0800 (PST)
 (envelope-from julian@freebsd.org)
Subject: Re: Problem with ipfw, in-kernel NAT and port redirection to jails
To: Alexey Roslyakov <free@oneex.me>, freebsd-net@freebsd.org
References: <A88A7FED-B5DD-4B1E-96A4-AE1F3EAB8E30@0x89.net>
 <56B5A77B.2010108@oneex.me> <66-1856806937.20160208133039@bf.pstu.ru>
 <56B897B1.7090007@oneex.me>
Cc: Kiryanov Vassily <kvas@bf.pstu.ru>
From: Julian Elischer <julian@freebsd.org>
Message-ID: <56B8AEEC.3030904@freebsd.org>
Date: Mon, 8 Feb 2016 23:06:20 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
 Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <56B897B1.7090007@oneex.me>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2016 15:11:48 -0000

On 8/02/2016 9:27 PM, Alexey Roslyakov via freebsd-net wrote:
> 08.02.2016 12:30, Kiryanov Vassily пишет:
>> Hello Alexey,
>>
>> Thank you for this information, I have thoughts about using pf nat as
>> an alternative way and your example will be useful for me.
>>
>> But Eugene Grosbein adviced me to turn off tso4 on network card
>> underlaying my VLANs and it was enough to solve problem with port
>> redirection. Without turning tso4 off ipfw + in-kernel NAT works
>> fine but port redirection fails.
>>
>
> Thank you. It's my mistake - was confused by home gateway, where 
> redirect_port worked perfectly (NIC without TSO support), and there 
> is a notice in section BUGS of ipfw(8) about incompatible libalias 
> and TSO.

so why are you using libalias?
I may have misread what you are doing but IP masquerading might work 
better.  (ipfw fwd rule with local destination)
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
>