Date:      Tue, 10 Jul 2012 16:11:20 +0400
From:      "Alexander V. Chernikov" <melifaro@FreeBSD.org>
To:        Rolf Grossmann <rg@progtech.net>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Equivalent of in_port and out_port with in-kernel nat?
Message-ID:  <4FFC1BE8.6010205@FreeBSD.org>
In-Reply-To: <4FFB66AB.2020306@progtech.net>
References:  <4FFB66AB.2020306@progtech.net>

On 10.07.2012 03:18, Rolf Grossmann wrote:
> Hi,
>
> I've started switching my machines to in-kernel nat and I've run into a
> case where I need to tell the nat instance which packets to treat as
> incoming and which as outgoing. With natd I've been able to use divert
> with different ports and in_port and out_port options. The in-kernel nat
> however doesn't seem to have a method of specifying nat direction and
> instead always uses the information from the interface.
Not exactly.
If we're talking about ipfw nat, the situation is the following:

The ipfw nat module determines direction the following way:
if an outgoing interface exists (e.g. ipfw is called after the routing
decision is done, the "out" case) then inside->outside translation is
called (the LibAliasOut function), otherwise outside->inside is called
(LibAliasIn). This behavior can be reverted by specifying the 'reverse'
keyword in the nat configuration.

Alternatively, you can specify in/out explicitly by using ng_nat with 
ng_ipfw.


>
> My question is, am I missing something? Is there a patch I could try?
> Has the issue even come up before?
>
> Thanks, Rolf.


-- 
WBR, Alexander
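
The ng_nat with ng_ipfw alternative mentioned in the reply, sketched as an added example that is not part of the original message: each ipfw `netgraph` rule hands the packets it matches to ng_nat's `in` or `out` hook, so the rule body, not the interface, picks the translation direction. The interface `em0`, alias address `192.0.2.1`, hook cookies 60/61 and rule numbers 300/400 are constructed values.

```sh
#!/bin/sh
# Added example, not from the original thread. Every value below is constructed.
EXT_IF="em0"            # assumed external interface
ALIAS_ADDR="192.0.2.1"  # assumed public (alias) address
HOOK_OUT=60             # ng_ipfw hook cookie wired to ng_nat "out"
HOOK_IN=61              # ng_ipfw hook cookie wired to ng_nat "in"

# ngctl commands: create one ng_nat node and connect both of its
# direction hooks to the ng_ipfw node.
ngctl_script() {
    cat <<EOF
mkpeer ipfw: nat ${HOOK_OUT} out
name ipfw:${HOOK_OUT} nat
connect ipfw: nat: ${HOOK_IN} in
msg nat: setaliasaddr ${ALIAS_ADDR}
EOF
}

# ipfw rules: whatever a rule matches is sent to the hook it names.
# Packets sent to HOOK_IN are de-aliased (outside->inside), packets sent
# to HOOK_OUT are aliased (inside->outside). The match part can be any
# ipfw rule body, which gives the explicit control natd offered through
# separate divert ports with in_port and out_port.
ipfw_rules() {
    cat <<EOF
add 300 netgraph ${HOOK_IN} ip from any to any in via ${EXT_IF}
add 400 netgraph ${HOOK_OUT} ip from any to any out via ${EXT_IF}
EOF
}

# Load the modules, build the graph, install the rules (FreeBSD, root).
apply() {
    kldload -n ng_ipfw ng_nat
    ngctl_script | ngctl -f -
    ipfw_rules | while read -r rule; do
        # Word splitting of $rule is intended: one ipfw command per line.
        ipfw -q $rule
    done
}

# Nothing is changed unless the script is called as: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    apply
fi
```
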


