From: bugzilla-noreply@freebsd.org
To: freebsd-doc@FreeBSD.org
Subject: [Bug 201448] [IPFW] keep-state and in-kernel NAT exposes local ip on external interface
Date: Tue, 14 Jul 2015 08:57:53 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201448

--- Comment #3 from dlegrand ---
(In reply to g_amanakis@yahoo.com from comment #2)

I've made the changes you proposed, and there are no more IP packets that are not NATed.

But I don't think there is an error in the handbook for the intended purpose in the NAT section. If the outbound traffic is aliased before checking rules in your IPFW rules file, you can't check on the LAN private IP because the private IP is replaced with your public IP. This is why we are using 'skipto' to do outbound aliasing after the check on the private IP.

I think there is something wrong with IPFW + NAT, but the handbook seems OK.

-- 
You are receiving this mail because:
You are the assignee for the bug.