From: Andrea Venturoli
To: Freddie Cash
Cc: freebsd-net
Subject: Re: Some questions about in-kernel NAT
Date: Wed, 8 Mar 2017 18:25:28 +0100
Message-ID: <9d0b09c5-452b-7300-d081-081a64adef96@netfence.it>

On 03/08/17 18:03, Freddie Cash wrote:

> It's listed in the EXAMPLES section of the ipfw(8) man page.
>
> ipfw nat show config <-- view config for all nat instances
> ipfw nat 123 show config <-- view config for nat 123
> ipfw nat 111-999 show <-- view logs for nat 111-999

Oops!!! Been working too much, lately.
Sorry for overlooking this section and posting some noise.

> Let's get to my problem now:
> _ at boot, my re0 interface is configured with IP 192.168.0.1, along
> with an alias (192.168.0.2);
> _ my ipfw rules get loaded, issuing a "nat 2 config ip 192.168.0.1"
> command;
> _ after that ezjail is started, featuring a jail on 192.168.0.3.
> From this point on, my aliased packets go out with 192.168.0.3 as
> source address. I have to manually run "ipfw nat 2 config ip
> 192.168.0.1" again, in order to have them correctly going with the
> desired IP.
>
> What's the ipfw command that's run at boot time? Sounds like it's
> configured to use the interface address instead of a specific IP address.

Yes and no: it uses both, i.e. "ipfw nat 2 config if re0 ip 192.168.0.1".
However, later only the interface is listed from the show command; i.e.:

> # ipfw nat 2 show config
> ipfw nat 2 config if re0

Guess I'll have to use the "ip", not "if" then.

bye & Thanks
av.