Hi, I'm an ipfw user that finally got the opportunity to set up NAT on an interface with a public IP. I was doing some multi-homing experiments using ipfw fwd combined with outbound ipfw nat, and since I needed to run both, and both immediately ended ipfw ruleset execution, I had to turn off net.inet.ip.fw.one_pass.
This is where I discovered that with that setting turned off, my inbound NAT rule stopped working. It seems that with one-pass execution, the NAT rule also performs keep-state of some sort; the dynamic state table looks OK and everything works fine. But if I turn it off, and do my own "allow all in keep-state" after applying a static NAT rule on an inbound connection, I see that the state table has the remote IP on the left side and mine on the right side. I also see that my NAT setup breaks and my packets are sent to the internet with a 192.168.0.x source address.

I'd like to ask if I'm doing anything wrong, or whether this is a bug. I checked the issue tracker, but found no relevant issues there. I also tried asking around, but it seems no one even uses ipfw anymore.

Triggering the issue requires a modified kernel (ipfw forward and ipfw nat are not available by default), requires using ipfw nat (a relatively new thing) instead of the old natd daemon, and requires changing the value of a system setting.
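A small triage helper, added here as an example and not part of the original post: it parses `ipfw -d list` dynamic-state lines (the `STATE proto src sport <-> dst dport` layout is assumed) and picks out entries oriented the way the post describes, with the remote address on the left and a 192.168.0.x host on the right. The sample lines are constructed, with RFC 5737 documentation addresses standing in for remote hosts.

```python
import ipaddress
import re

# The NAT'd LAN range from the post (192.168.0.x); adjust for your own network.
LAN = ipaddress.ip_network("192.168.0.0/24")

# Constructed sample of `ipfw -d list` dynamic-state output (column layout assumed).
SAMPLE_STATES = """\
00300     10     1200 (290s) STATE tcp 192.168.0.10 51000 <-> 198.51.100.7 443 :default
00300      3      180 (12s) STATE tcp 203.0.113.9 40000 <-> 192.168.0.10 80 :default
00300      1       76 (5s) STATE udp 192.168.0.20 53000 <-> 198.51.100.53 53 :default
"""

# rule-number, packet count, byte count, (lifetime), then the endpoint pair.
STATE_RE = re.compile(
    r"^\d+\s+\d+\s+\d+\s+\([^)]+\)\s+STATE\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)\s+(?P<sport>\d+)\s+<->\s+(?P<dst>[\d.]+)\s+(?P<dport>\d+)"
)


def parse_states(text):
    """Parse dynamic-state lines into dicts; lines that do not match are skipped."""
    states = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            s = m.groupdict()
            s["sport"], s["dport"] = int(s["sport"]), int(s["dport"])
            states.append(s)
    return states


def classify(state):
    """'lan-left' when the LAN host is on the left side of the state, 'remote-left'
    when a remote address is on the left and a LAN host on the right (the orientation
    the post reports alongside the broken NAT), otherwise 'other'."""
    src_lan = ipaddress.ip_address(state["src"]) in LAN
    dst_lan = ipaddress.ip_address(state["dst"]) in LAN
    if src_lan and not dst_lan:
        return "lan-left"
    if dst_lan and not src_lan:
        return "remote-left"
    return "other"


def find_remote_left(text):
    """Return the states whose left side is a remote host and right side a LAN host."""
    return [s for s in parse_states(text) if classify(s) == "remote-left"]


if __name__ == "__main__":
    for s in find_remote_left(SAMPLE_STATES):
        print(f"{s['proto']} {s['src']}:{s['sport']} -> {s['dst']}:{s['dport']}")
```

Feed it real output with `ipfw -d list | python3 check_states.py` after replacing `SAMPLE_STATES` with `sys.stdin.read()`.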