From owner-freebsd-net@FreeBSD.ORG  Tue Jul  2 14:21:31 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id A9339192;
 Tue,  2 Jul 2013 14:21:31 +0000 (UTC)
 (envelope-from sodynet1@gmail.com)
Received: from mail-pd0-x233.google.com (mail-pd0-x233.google.com
 [IPv6:2607:f8b0:400e:c02::233])
 by mx1.freebsd.org (Postfix) with ESMTP id 79DB71088;
 Tue,  2 Jul 2013 14:21:31 +0000 (UTC)
Received: by mail-pd0-f179.google.com with SMTP id q10so3641836pdj.24
 for <multiple recipients>; Tue, 02 Jul 2013 07:21:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=v5sflUrLA93oBHu2bhJeXdy2nzU7cAxAowhdHU6CSf4=;
 b=Ghb4SdwsLleetJB7pnaZAbwIp9uzQ2lUFYLK7EOo25oeT76dE9rl+VTGb0IQDAL2TR
 jhRlyEf1SAwf7+BIxwh6HzfLEpo6Glj6VARfWHE9T+0p4p2ZpOTpNiNGUo49K17yuffa
 cacFCCUBAPPp1wAAwA2WCAYoxleKw3KgoI/57iNKYKCXd9CJqtxVuXCQ6SAWaYWpEfon
 fUKt8gJF0P2y+BJkQqz7eSjJX13qIpn3gwPX99yaNQ/rbDXBG7O8kIpGqaV1u9xZf5On
 oDHOpbUU8+cWv3GctMGrDjPA4CR8EFAGTTNNvKR+d9tJaBxCil1WoXSN2FxRuhNppdg0
 eO4Q==
MIME-Version: 1.0
X-Received: by 10.68.235.103 with SMTP id ul7mr29405855pbc.14.1372774891213;
 Tue, 02 Jul 2013 07:21:31 -0700 (PDT)
Received: by 10.70.71.7 with HTTP; Tue, 2 Jul 2013 07:21:30 -0700 (PDT)
Received: by 10.70.71.7 with HTTP; Tue, 2 Jul 2013 07:21:30 -0700 (PDT)
In-Reply-To: <CAEW+ogZB9m+5FLyB2NXFbp=uSpvCq6fn4SPVZe2W58yQ-S_z4w@mail.gmail.com>
References: <CAEW+ogYp61U2zjicksYekSdfmLLZh5g9QM3GUg4n16ZbudVZtg@mail.gmail.com>
 <20130629002959.GB20376@nat.myhome>
 <CAEW+ogZ=a6LZavOtcb_egNWFQ8bJP0gzP6pc90tu1dcWC9K80A@mail.gmail.com>
 <51D006F6.6060809@grosbein.net>
 <CAEW+ogbx15KiayBHFJ7T1YVGQ2pwm1ArQaSrjUk6XUOBgVPggA@mail.gmail.com>
 <51D04FA8.8080900@grosbein.net>
 <CAEW+ogZQ1bHOBNvxkLqnFRrR_b4=e+Yx9wUjWC8YYr__QsBe3w@mail.gmail.com>
 <CAEW+ogZmd4Rz7OgTKV-k=tnSLgG0Y0-4XO+xuELznsgVo0XZ+A@mail.gmail.com>
 <51D14930.1060502@grosbein.net>
 <CAEW+ogYW9YWZr6TnzqZ+Hv_e_fFo-MKW1hTdWfw7w=qaCFw3Yg@mail.gmail.com>
 <51D15D06.9030300@grosbein.net>
 <CAEW+ogZB9m+5FLyB2NXFbp=uSpvCq6fn4SPVZe2W58yQ-S_z4w@mail.gmail.com>
Date: Tue, 2 Jul 2013 17:21:30 +0300
Message-ID: <CAEW+ogYef6esFDkxRefht1z==zdr5bsYv6S-FPgTyZ36GPR_Mg@mail.gmail.com>
Subject: Re: DNAT in freebsd
From: Sami Halabi <sodynet1@gmail.com>
To: Eugene Grosbein <eugen@grosbein.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.14
Cc: freebsd-ipfw <freebsd-ipfw@freebsd.org>, freebsd-net@freebsd.org
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jul 2013 14:21:31 -0000

Hi again,
So far no solution....

Is there really no alternative in FreeBSD?

Sami
=D7=91=D7=AA=D7=90=D7=A8=D7=99=D7=9A 1 =D7=91=D7=99=D7=95=D7=9C 2013 14:16,=
 =D7=9E=D7=90=D7=AA "Sami Halabi" <sodynet1@gmail.com>:

> Hi,
> I did ping 10.0.1.1 from 10.0.1.2, so packet is 10.0.1.2 ->10.0.1.1
> > ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1
> if I have 10.0.1.1 in em1 no translation is done!
> if I delete it (and add a static arp entry in 10.0.1.2 for mac of
> 10.0.1.1)
> rule 1000 translates well and I get packet from 11.0.3.1->10.0.1.1
>
> > ipfw add 2000 nat 2 all from 11.0.3.1 to 10.0.1.1
> no translation is done at all!
>
> Sami
>
> > ipfw add 3000 nat 2 all from 11.0.4.2 to 11.0.3.1
> > ipfw add 4000 nat 1 all from 10.0.1.1 to 11.0.3.1
> >
> >
> > ipfw nat 1 config same_ports ureg_only ip 11.0.3.1
> > ipfw nat 1 config reverse same_ports ureg_only ip 11.0.4.2
>
>
>
> On Mon, Jul 1, 2013 at 1:42 PM, Eugene Grosbein <eugen@grosbein.net>wrote=
:
>
>> On 01.07.2013 17:05, Sami Halabi wrote:
>> > Hi,
>> > forgot to mention that but this sysctl is already set to 0.
>> > i see in the logs packets pass 1000 rule.
>>
>> Use rules like 'ipfw add 1500 count log ip from any to any' to check
>> intermediate results of translation.
>>
>>
>
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
>