Date: Mon, 8 Oct 2007 10:22:56 +0200
From: Paolo Pisati
To: "Andrey V. Elsukov"
Cc: Randy Bush, FreeBSD Net
Subject: Re: ipfw nat befuddlement

On Mon, Oct 08, 2007 at 11:03:35AM +0400, Andrey V. Elsukov wrote:
> Randy Bush wrote:
>> # grep -n nat /etc/ipfw.rules
>> 33:add nat 123 all from any to any
>> 34:add nat 123 config if vr0
> ^^^^^^^^ - add is not needed here.

ipfw nat crash course:

echo "net.inet.ip.fw.one_pass=0" >> /etc/sysctl.conf

and manually add:

ipfw nat 123 config if $IF log
ipfw add nat 123 ip4 from any to any via $IF

or substitute natd_enable/natd_interface in rc.conf with:

firewall_nat_enable="yes"
firewall_nat_interface="$IF"

Done.

bye,
P.
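
The mistake pointed out in the thread ("add" in front of "nat 123 config") can be caught before a ruleset is loaded. The following is an added example, not part of the original message or of ipfw itself: lint_ipfw_nat is a hypothetical helper that reads ipfw command lines (with or without a leading "ipfw") and also reports nat rules whose instance has no config line in the same input.

```shell
#!/bin/sh
# lint_ipfw_nat [FILE...]: read ipfw command lines from FILE or stdin,
# print one finding per line, return 1 if anything was found.
lint_ipfw_nat() {
    awk '
    { sub(/#.*/, "") }                     # drop comments
    NF == 0 { next }                       # skip blank lines
    {
        i = 1
        if ($i == "ipfw") i++              # tolerate script-style lines
        if ($i == "add") {
            i++
            if ($i ~ /^[0-9]+$/) i++       # optional rule number
            if ($i == "nat" && $(i+2) == "config") {
                # instance configuration written as a rule
                printf "%d: \"add\" before \"nat %s config\"; use: nat %s config ...\n", NR, $(i+1), $(i+1)
                configured[$(i+1)] = 1     # avoid a second finding below
                bad = 1
            } else if ($i == "nat") {
                used[$(i+1)] = NR          # rule that sends packets to nat N
            }
        } else if ($i == "nat" && $(i+2) == "config") {
            configured[$(i+1)] = 1         # correct form: nat N config ...
        }
    }
    END {
        for (n in used) if (!(n in configured)) {
            printf "%d: rule uses nat %s but no \"nat %s config\" line found\n", used[n], n, n
            bad = 1
        }
        exit bad
    }' "$@"
}

# Sample input: the two lines quoted in the thread, fed on stdin.
printf '%s\n' 'add nat 123 all from any to any' 'add nat 123 config if vr0' |
    lint_ipfw_nat || true
```
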