From owner-freebsd-standards@freebsd.org  Wed Jul 20 21:30:45 2016
Return-Path: <owner-freebsd-standards@freebsd.org>
Delivered-To: freebsd-standards@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A4A8BB9FD31
 for <freebsd-standards@mailman.ysv.freebsd.org>;
 Wed, 20 Jul 2016 21:30:45 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7AC551FA6
 for <freebsd-standards@FreeBSD.org>; Wed, 20 Jul 2016 21:30:45 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6KLUjb9049476
 for <freebsd-standards@FreeBSD.org>; Wed, 20 Jul 2016 21:30:45 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-standards@FreeBSD.org
Subject: [Bug 211256] FreeBSD 11 ipfw nat tablearg
Date: Wed, 20 Jul 2016 21:30:45 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: standards
X-Bugzilla-Version: 11.0-BETA1
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: chernov_victor@list.ru
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-standards@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter cc
Message-ID: <bug-211256-15@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-standards@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Standards compliance <freebsd-standards.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-standards>, 
 <mailto:freebsd-standards-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-standards/>
List-Post: <mailto:freebsd-standards@freebsd.org>
List-Help: <mailto:freebsd-standards-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-standards>, 
 <mailto:freebsd-standards-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2016 21:30:45 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211256

            Bug ID: 211256
           Summary: FreeBSD 11 ipfw nat tablearg
           Product: Base System
           Version: 11.0-BETA1
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: standards
          Assignee: freebsd-standards@FreeBSD.org
          Reporter: chernov_victor@list.ru
                CC: freebsd-amd64@FreeBSD.org
                CC: freebsd-amd64@FreeBSD.org

Hi, sorry for my english, but there was a problem when testing FreeBSD 11 w=
ith
IPFW NAT. There rc.firewall configuration rules, which FreeBSD 10{0,1,2,3}
works without problems
rc.firewall
...
${fwcmd} nat 1 config log ip xx.yy.zz.254 reset same_ports deny_in unreg_on=
ly
${fwcmd} nat 2 config log ip xx.yy.zz.253 reset same_ports deny_in unreg_on=
ly
${fwcmd} nat 3 config log ip xx.yy.zz.252 reset same_ports deny_in unreg_on=
ly
${fwcmd} nat 4 config log ip xx.yy.zz.251 reset same_ports deny_in unreg_on=
ly
${fwcmd} nat 5 config log ip xx.yy.zz.250 reset same_ports deny_in unreg_on=
ly
...
${fwcmd} add 10000 nat tablearg ip4 from not me to table\(3\) in recv vlan0
...
${fwcmd} add 15000 nat tablearg ip4 from table\(4\) to not me out xmit vlan0
...
${fwcmd} table 3 add xx.yy.zz.254/32 1
${fwcmd} table 3 add xx.yy.zz.253/32 2
${fwcmd} table 3 add xx.yy.zz.252/32 3
${fwcmd} table 3 add xx.yy.zz.251/32 4
${fwcmd} table 3 add xx.yy.zz.250/32 5
...
${fwcmd} table 4 add 10.11.0.0/22 1
${fwcmd} table 4 add 10.11.4.0/22 2
${fwcmd} table 4 add 10.11.8.0/22 3
${fwcmd} table 4 add 10.11.12.0/22 4
${fwcmd} table 4 add 10.11.16.0/22 5

when viewing the rules in FreeBSD 10.3 command: ipfw list, result:
...
10000 nat tablearg ip4 from not me to table(3) in recv vlan0
...
15000 nat tablearg ip4 from table(4) to not me out xmit vlan0
...
but in freebsd 11 result:
...
10000 nat global ip4 from not me to table(3) in recv vlan0
...
15000 nat global ip4 from table(4) to not me out xmit vlan0

and IPFW NAT don't work

This is a BUG or a new mechanism of work IPFW NAT in FreeBSD 11?

--=20
You are receiving this mail because:
You are the assignee for the bug.=