Date: Sun, 07 Dec 2014 20:00:54 +0530
From: Nilesh Govindrajan <me@nileshgr.com>
To: freebsd-questions@freebsd.org
Subject: Re: IPFW NAT with filtering
Message-ID: <5484649E.8040208@nileshgr.com>
In-Reply-To: <54841B6D.7030901@nileshgr.com>
References: <54841B6D.7030901@nileshgr.com>

On Sunday 07 December 2014 02:48 PM, Nilesh Govindrajan wrote:
> Hi,
>
> I'm trying to implement NAT using IPFW for jails. Each jail has an ip in
> 10.0.0.0/8 subnet, I want to NAT from that private range.
>
> The server has multiple public IPs and some jails may have direct
> assignment of public ip.
>
> I'm using workstation in firewall_type and I tried this:
>
> ipfw add 49 nat 123 from any to <wan ip> in
> ipfw add 50 nat 123 from 10.0.0.0/8 to any out via <wan ip>
> ipfw nat 123 config ip <wan ip>
>
> Then there are rules inserted by rc.firewall
>
> This doesn't work and I'm a bit clueless as to why it doesn't.
>
> I should be able to restrict the outgoing traffic (i.e., limit the
> outgoing ports to 22,80,443,etc -- preventing torrents / etc).
>
> Where am I going wrong?
>

Never mind, figured it out.