Date: Wed, 8 Mar 2017 18:25:28 +0100
From: Andrea Venturoli <ml@netfence.it>
To: Freddie Cash <fjwcash@gmail.com>
Cc: freebsd-net <freebsd-net@freebsd.org>
Subject: Re: Some questions about in-kernel NAT
Message-ID: <9d0b09c5-452b-7300-d081-081a64adef96@netfence.it>
In-Reply-To: <CAOjFWZ7Yr%2BbAn85sC1bW8jCD41dJ7YC8Gf8CFEYUjF8L5bBzrA@mail.gmail.com>
References: <caf27e0a-2d53-624b-5152-d62f2d9a1cde@netfence.it> <CAOjFWZ7Yr%2BbAn85sC1bW8jCD41dJ7YC8Gf8CFEYUjF8L5bBzrA@mail.gmail.com>

On 03/08/17 18:03, Freddie Cash wrote:

> It's listed in the EXAMPLES section of the ipfw(8) man page.
>
> ipfw nat show config <-- view config for all nat instances
> ipfw nat 123 show config <-- view config for nat 123
> ipfw nat 111-999 show <-- view logs for nat 111-999

Oops!!! Been working too much, lately.
Sorry for overlooking this section and posting some noise.

> Let's get to my problem now:
> _ at boot, my re0 interface is configured with IP 192.168.0.1, along
> with an alias (192.168.0.2);
> _ my ipfw rules get loaded, issuing a "nat 2 config ip 192.168.0.1"
> command;
> _ after that ezjail is started, featuring a jail on 192.168.0.3.
> From this point on, my aliased packets go out with 192.168.0.3 as
> source address. I have to manually run "ipfw nat 2 config ip
> 192.168.0.1" again, in order to have them correctly going with the
> desired IP.
>
>
> What's the ipfw command that's run at boot time? Sounds like it's
> configured to use the interface address instead of a specific IP address.

Yes and no: it uses both, i.e. "ipfw nat 2 config if re0 ip 192.168.0.1".
However, later only the interface is listed from the show command; i.e.:

> # ipfw nat 2 show config
> ipfw nat 2 config if re0

Guess I'll have to use the "ip", not "if" then.

bye & Thanks
av.