Date: Tue, 2 Jul 2013 17:21:30 +0300
From: Sami Halabi <sodynet1@gmail.com>
To: Eugene Grosbein <eugen@grosbein.net>
Cc: freebsd-ipfw <freebsd-ipfw@freebsd.org>, freebsd-net@freebsd.org
Subject: Re: DNAT in freebsd
Message-ID: <CAEW%2BogYef6esFDkxRefht1z==zdr5bsYv6S-FPgTyZ36GPR_Mg@mail.gmail.com>
In-Reply-To: <CAEW%2BogZB9m%2B5FLyB2NXFbp=uSpvCq6fn4SPVZe2W58yQ-S_z4w@mail.gmail.com>
References: <CAEW%2BogYp61U2zjicksYekSdfmLLZh5g9QM3GUg4n16ZbudVZtg@mail.gmail.com> <20130629002959.GB20376@nat.myhome> <CAEW%2BogZ=a6LZavOtcb_egNWFQ8bJP0gzP6pc90tu1dcWC9K80A@mail.gmail.com> <51D006F6.6060809@grosbein.net> <CAEW%2Bogbx15KiayBHFJ7T1YVGQ2pwm1ArQaSrjUk6XUOBgVPggA@mail.gmail.com> <51D04FA8.8080900@grosbein.net> <CAEW%2BogZQ1bHOBNvxkLqnFRrR_b4=e%2BYx9wUjWC8YYr__QsBe3w@mail.gmail.com> <CAEW%2BogZmd4Rz7OgTKV-k=tnSLgG0Y0-4XO%2BxuELznsgVo0XZ%2BA@mail.gmail.com> <51D14930.1060502@grosbein.net> <CAEW%2BogYW9YWZr6TnzqZ%2BHv_e_fFo-MKW1hTdWfw7w=qaCFw3Yg@mail.gmail.com> <51D15D06.9030300@grosbein.net> <CAEW%2BogZB9m%2B5FLyB2NXFbp=uSpvCq6fn4SPVZe2W58yQ-S_z4w@mail.gmail.com>

Hi again,
So far no solution....
Is there really no alternative in FreeBSD?

Sami

On 1 Jul 2013 at 14:16, "Sami Halabi" <sodynet1@gmail.com> wrote:

> Hi,
> I did ping 10.0.1.1 from 10.0.1.2, so packet is 10.0.1.2 ->10.0.1.1
>
> ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1
> if I have 10.0.1.1 in em1 no translation is done!
> if I delete it (and add a static arp entry in 10.0.1.2 for mac of
> 10.0.1.1)
> rule 1000 translates well and I get packet from 11.0.3.1->10.0.1.1
>
>
> ipfw add 2000 nat 2 all from 11.0.3.1 to 10.0.1.1
> no translation is done at all!
>
> Sami
>
> > ipfw add 3000 nat 2 all from 11.0.4.2 to 11.0.3.1
> > ipfw add 4000 nat 1 all from 10.0.1.1 to 11.0.3.1
> >
> >
> > ipfw nat 1 config same_ports ureg_only ip 11.0.3.1
> > ipfw nat 1 config reverse same_ports ureg_only ip 11.0.4.2
> >
>
> On Mon, Jul 1, 2013 at 1:42 PM, Eugene Grosbein <eugen@grosbein.net> wrote:
>
>> On 01.07.2013 17:05, Sami Halabi wrote:
>> > Hi,
>> > forgot to mention that but this sysctl is already set to 0.
>> > i see in the logs packets pass 1000 rule.
>>
>> Use rules like 'ipfw add 1500 count log ip from any to any' to check
>> intermediate results of translation.
>>
>>
>
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
>