Date: Tue, 14 Jul 2015 08:57:53 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-doc@FreeBSD.org Subject: [Bug 201448] [IPFW] keep-state and in-kernel NAT exposes local ip on external interface Message-ID: <bug-201448-9-A8CtCAcwzQ@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-201448-9@https.bugs.freebsd.org/bugzilla/> References: <bug-201448-9@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201448 --- Comment #3 from dlegrand <dleg@free.fr> --- (In reply to g_amanakis@yahoo.com from comment #2) I've done the changes you proposed, and there is no more IP packet not nated. But I don't think there is an error in the handbook for the intended purpose in the NAT section. If the outbound traffic is aliased before checking rules in your IPFW rules file, you can't check on LAN private IP because the private IP is replaced with your public IP. This is why we are using 'skipto' to do outbound aliasing after the check on private IP. I think there is something wrong with IPFW + NAT, but the handbook seems OK. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-201448-9-A8CtCAcwzQ>