Date: Sun, 07 Dec 2014 14:48:37 +0530
From: Nilesh Govindrajan <me@nileshgr.com>
To: freebsd-questions@freebsd.org
Subject: IPFW NAT with filtering
Message-ID: <54841B6D.7030901@nileshgr.com>

Hi,

I'm trying to implement NAT using IPFW for jails. Each jail has an IP in the 10.0.0.0/8 subnet, and I want to NAT from that private range. The server has multiple public IPs and some jails may have direct assignment of a public IP.

I'm using workstation in firewall_type and I tried this:

    ipfw add 49 nat 123 from any to <wan ip> in
    ipfw add 50 nat 123 from 10.0.0.0/8 to any out via <wan ip>
    ipfw nat 123 config ip <wan ip>

Then there are rules inserted by rc.firewall.

This doesn't work and I'm a bit clueless as to why it doesn't. I should be able to restrict the outgoing traffic (i.e., limit the outgoing ports to 22, 80, 443, etc. -- preventing torrents, etc.).

Where am I going wrong?