Date:      Sat, 06 May 2006 16:17:09 -0300
From:      Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
To:        ipfw@freebsd.org
Subject:   Re: [6.x patchset] Ipfw nat and libalias modules
Message-ID:  <445CF635.4050700@freebsdbrasil.com.br>
In-Reply-To: <445C9418.6040201@boox.co.yu>
References:  <20060430135736.GB48117@tin.it> <445B27FF.10803@boox.co.yu>	<445B45B4.4030404@freebsdbrasil.com.br>	<445B59F4.1090609@boox.co.yu> <445B5E3A.5030800@freebsdbrasil.com.br> <445C9418.6040201@boox.co.yu>

> Now, I think that we have to make some ipfw example code for NAT 
> in-kernel with and without keep-state/check-state.
> I start on Monday with stateful ipfw.
> 
> Thanks for helping me!!!
> (Now I have FreeBSD 6.1)
> 

I haven't tried with keep-state yet (don't even know if keep-state is 
ready to maintain "nat" state, I think it is not). The box which is 
taking me to the internet right now at my building is ipfw nat, for wired 
and wireless networks. Here are the running rules:

(eksffa@hs)~# ipfw show | grep nat
20000   19812654    104938057 nat 20 ip from { 10.69.69.0/24 or 172.16.69.0/24 } to any out via sis0
20100   27128929  37927915720 nat 20 ip from any to any in via sis0

(eksffa@hs)~# ipfw nat 20 show config
ipfw nat 20 config if sis0 log unreg_only redir_port tcp 10.69.69.13:4662 4662 redir_port tcp 10.69.69.39:80 3980 redir_port tcp 10.69.69.39:6969 3969

(eksffa@hs)~# grep nat /etc/rc.firewall
         $fwcmd nat 20 config if sis0 log unreg_only redir_port tcp 10.69.69.13:4662 4662 redir_port tcp 10.69.69.39:80 3980 redir_port tcp 10.69.69.39:6969 3969

         $fwcmd add 20000 set 20 nat 20 all from $redes to any out via $ife

         $fwcmd add 20100 set 20 nat 20 all from any to any in via $ife

I have some more environments running NAT in different IPs with 
"prob", for testing purposes. I can print configs next week, since I 
can't access those boxes on weekends.

I hope it helps as an example; I have just rewritten the selective "divert" 
which I used before into "nat" rules.

BTW (offside note): Next week I will add a TinyBSD image with ipfw nat 
(FreeBSD 6.1) on www.tinybsd.org, so if anyone wants to try ipfw nat in 
their soekris/wrap/whatever boards, hang on until Wednesday.

-- 
Patrick Tracanelli
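
Added example, not part of the original message: a small audit helper that lists the inbound forwards a nat instance exposes through redir_port, using the nat 20 configuration quoted above as sample input. The function names list_redirs and open_redirs are hypothetical; the optional remote-address argument follows the redir_port syntax in ipfw(8).

```shell
#!/bin/sh
# Added example (not from the original message): audit the port forwards
# declared by redir_port in `ipfw nat N show config` output.

# Reads config text on stdin (wrapped lines are fine) and prints one line per
# forward: "<proto> <public port> -> <internal host:port> from <remote|any>".
list_redirs() {
    awk '
    function emit() {
        printf "%s %s -> %s from %s\n", proto, alias, target, remote
        state = 0
    }
    function tok(t) {
        if (state == 4) {
            # Optional 4th argument: a remote address restricting the forward.
            if (t ~ /^[0-9]/) { remote = t; emit(); return }
            emit()              # no restriction; t is the next keyword
        }
        if (t == "redir_port") { state = 1; return }
        if (state == 1)      { proto = t;  state = 2 }
        else if (state == 2) { target = t; state = 3 }
        else if (state == 3) { alias = t;  remote = "any"; state = 4 }
    }
    { for (i = 1; i <= NF; i++) tok($i) }
    END { if (state == 4) emit() }
    '
}

# Forwards reachable from any source address deserve the closest review.
open_redirs() { list_redirs | grep ' from any$' || true; }

# The nat 20 configuration quoted in the message, wrapped as the mail client left it.
SAMPLE_CONFIG='ipfw nat 20 config if sis0 log unreg_only redir_port tcp
10.69.69.13:4662 4662 redir_port tcp 10.69.69.39:80 3980 redir_port tcp
10.69.69.39:6969 3969'

printf '%s\n' "$SAMPLE_CONFIG" | open_redirs
```

On a running gateway the same check is `ipfw nat 20 show config | open_redirs`.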
