Chris Boyle wrote:
>...
>
>Any ideas? :-)
>
>
So I tried this out and it got me for a bit...first was
the need for -m64 with gcc...doh...anyway...
The giveaway was that this:

    dtrace -n 'fbt:ipf:nat_outlookup:return{printf("done %d\n",arg1);}'

Did not show any hits, at all...when it should have...
Right up at the top of fr_checknatout() is this if statement:

    if (ifs->ifs_nat_stats.ns_rules == 0 || ifs->ifs_fr_nat_lock != 0)
            return 0;

Which amounts to "if there are no NAT rules or NAT is locked out,
don't try to NAT a packet." A performance orientated check.
So I then did this:

    echo 'rdr foo0 0/0 -> 1.1.1.1' | ipnat -f -

and then the sample app you posted worked.
IPFilter's NAT wasn't meant to be used like this, with _no_ rules...
Hope this helps :)
Cheers,
Darren
_______________________________________________
networking-discuss mailing list