Date:      Sat, 6 Jul 2019 01:01:22 -0700
From:      Yuri <yuri@rawbw.com>
To:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   How to set up ipfw(8) NAT between an alias and the main IP address, when the alias is in another network?
Message-ID:  <8e388abc-f2ac-b070-cf86-a4d3971ac095@rawbw.com>

My network interface looks like this:

sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
     options=80009<RXCSUM,VLAN_MTU,LINKSTATE>
     ether 01:3c:47:8a:17:12
     inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
     inet 192.168.100.2 netmask 0xffffffff broadcast 192.168.100.2
     media: Ethernet autoselect (100baseTX <full-duplex>)
     status: active
     nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

The second IP address is an alias that is used for a jail.

I would like to set up NAT so that this jail would access the internet 
through the same interface.


I tried this script:


fw="/sbin/ipfw -q"

# NAT instance 1: two static address mappings, aliasing address taken from sk0
$fw nat 1 config redirect_addr 192.168.100.2 192.168.1.2 redirect_addr 192.168.1.2 192.168.100.2 if sk0 unreg_only reset

# TCP from the jail through NAT instance 1; keep-state creates a dynamic rule for the flow
$fw add 1001 nat 1 tcp from 192.168.100.2/32 to any via sk0 keep-state

# match packets against the dynamic rules
$fw add 1002 check-state


Rule 1001 has keep-state, so it should process both the outgoing TCP packets
and the incoming response packets. However, the outbound packets are NATted
but the inbound ones are not.

What is wrong, and how can I fix this script?


Thank you,

Yuri
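An added example, not part of Yuri's message: a complete ipfw in-kernel NAT rule set for the layout described in the post (jail alias 192.168.100.2 translated to the primary address 192.168.1.2 on sk0). It assumes the ipfw and ipfw_nat kernel modules are loaded; the rule numbers, the IPFW dry-run variable and the function names are this example's own choices, not anything from the post. Instead of relying on a single keep-state rule, it gives the return traffic its own inbound rule: replies come back addressed to the primary address, so a rule that only matches on the jail's source address never sees them, and the dynamic rule recorded for the pre-translation tuple does not match them either.

```shell
#!/bin/sh
# Added example (not from the original post): ipfw in-kernel NAT for a jail
# alias that shares the host's interface. Interface and addresses are the
# ones from the post; rule numbers and the IPFW variable are assumptions.
#
# Prerequisites on the FreeBSD host (not done by this script):
#   kldload ipfw ipfw_nat                  # or the _load knobs in loader.conf
#   sysctl net.inet.ip.fw.one_pass=1       # default: a packet accepted by a
#                                          # nat rule leaves the ruleset there
#
# Dry run by default: the commands are printed, not executed. On the router,
# set IPFW=/sbin/ipfw (optionally with -q) to apply them.
IPFW="${IPFW:-echo /sbin/ipfw}"

# nat_rules IFACE PRIMARY_ADDR JAIL_ADDR
# Prints the ipfw commands that rewrite the jail address to the primary
# address on the way out and back again on the way in.
nat_rules() {
    iface="$1"; primary="$2"; jail="$3"
    # One NAT instance. 'ip' pins the aliasing address explicitly instead of
    # letting libalias pick it from the interface; same_ports keeps source
    # ports where possible; reset flushes the table if the address changes.
    printf '%s\n' "nat 1 config ip $primary same_ports reset"
    # Inbound leg: replies arrive addressed to $primary, not to the jail.
    # Packets with no entry in the NAT table pass through untranslated, so
    # the host's own inbound traffic is not affected by this rule.
    printf '%s\n' "add 1000 nat 1 ip from any to $primary in recv $iface"
    # Outbound leg: only the jail's traffic is rewritten; packets the host
    # sends from $primary itself are not matched.
    printf '%s\n' "add 1010 nat 1 ip from $jail to any out xmit $iface"
}

# apply_rules IFACE PRIMARY_ADDR JAIL_ADDR: feed each generated line to $IPFW.
apply_rules() {
    nat_rules "$@" | while IFS= read -r line; do
        # shellcheck disable=SC2086  # word splitting of $line is intended
        $IPFW $line
    done
}

# Example invocation with the post's interface and addresses (dry run).
apply_rules sk0 192.168.1.2 192.168.100.2
```

Filtering policy is deliberately left out: with net.inet.ip.fw.one_pass=1 a packet handled by a nat rule is accepted immediately, so any allow/deny rules for the jail's traffic must come before rules 1000 and 1010, and traffic that matches neither falls through to the default rule 65535.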




