Date: Wed, 8 Mar 2017 16:52:36 +0100
From: Andrea Venturoli <ml@netfence.it>
To: freebsd-net@freebsd.org
Subject: Some questions about in-kernel NAT
Message-ID: <caf27e0a-2d53-624b-5152-d62f2d9a1cde@netfence.it>

Hello.

I'm using "ipfw nat" on several 10.3 boxes, but I have some questions.

Let's start with a simple one: how do I list configured NATs and their details?
I know I can configure a NAT with "ipfw nat 1 config ...", but how do I show what I did?

Second question:
_ if I issue "ipfw nat 2 config if re0", I'll see the output "ipfw nat 2 config if re0";
_ if I issue "ipfw nat 2 config ip 192.168.0.1", I'll see the output "ipfw nat 2 config ip 192.168.0.1";
_ however if I issue "ipfw nat 2 config if re0 ip 192.168.0.1", output will be "ipfw nat 2 config if re0".

Does this mean the "ip" part was ignored? Are "if" and "ip" mutually exclusive?
I don't think this is mentioned in the man page...

Let's get to my problem now:
_ at boot, my re0 interface is configured with IP 192.168.0.1, along with an alias (192.168.0.2);
_ my ipfw rules get loaded, issuing a "nat 2 config ip 192.168.0.1" command;
_ after that ezjail is started, featuring a jail on 192.168.0.3.

From this point on, my aliased packets go out with 192.168.0.3 as source address.
I have to manually run "ipfw nat 2 config ip 192.168.0.1" again, in order to have them correctly going with the desired IP.

How can I avoid this (and eliminate the need of manual intervention after each boot)?
Of course I could use some trick, like writing a rc.d script that runs after ezjail's, but I'd like to understand and solve (not work around) :)

TIA.

 bye
	av.