Date: Wed, 8 Mar 2017 09:03:59 -0800
From: Freddie Cash <fjwcash@gmail.com>
To: Andrea Venturoli <ml@netfence.it>
Cc: freebsd-net <freebsd-net@freebsd.org>
Subject: Re: Some questions about in-kernel NAT
Message-ID: <CAOjFWZ7Yr%2BbAn85sC1bW8jCD41dJ7YC8Gf8CFEYUjF8L5bBzrA@mail.gmail.com>
In-Reply-To: <caf27e0a-2d53-624b-5152-d62f2d9a1cde@netfence.it>
References: <caf27e0a-2d53-624b-5152-d62f2d9a1cde@netfence.it>

On Wed, Mar 8, 2017 at 7:52 AM, Andrea Venturoli <ml@netfence.it> wrote:

> Hello.
>
> I'm using "ipfw nat" on several 10.3 boxes, but I have some questions.
>
> Let's start with a simple one: how do I list configured NATs and their
> details?
> I know I can configure a NAT with "ipfw nat 1 config ...", but how do I
> show what I did?
>

It's listed in the EXAMPLES section of the ipfw(8) man page.

ipfw nat show config        <-- view config for all nat instances
ipfw nat 123 show config    <-- view config for nat 123
ipfw nat 111-999 show       <-- view logs for nat 111-999

> Let's get to my problem now:
> _ at boot, my re0 interface is configured with IP 192.168.0.1, along with
> an alias (192.168.0.2);
> _ my ipfw rules get loaded, issuing a "nat 2 config ip 192.168.0.1"
> command;
> _ after that ezjail is started, featuring a jail on 192.168.0.3.
> From this point on, my aliased packets go out with 192.168.0.3 as source
> address. I have to manually run "ipfw nat 2 config ip 192.168.0.1" again,
> in order to have them correctly going with the desired IP.
>

What's the ipfw command that's run at boot time? Sounds like it's
configured to use the interface address instead of a specific IP address.

-- 
Freddie Cash
fjwcash@gmail.com