your rules are correct. and you don't need to add the options in kernel config file, that belongs to IPFW
please provide output of below commands: 1. kldstat 2. ipfw3 show 3. ipfw3 nat show config On 22 June 2015 at 21:08, <[email protected]> wrote: > Sorry, but this dont work. > My external nic is ue0 and my internal nic is em0. > > I run 4.3 and a kernel with the following options: > > options IPFIREWALL > options IPDIVERT > options IPFIREWALL_DEFAULT_TO_ACCEPT > options IPFIREWALL_VERBOSE > > What i do: > In /etc/rc.conf: gateway_enable="YES" > > Then: > kldload ipfw3_nat > ipfw3 nat 1 config if ue0 > ipfw3 add nat 1 tcp via ue0 > > The result is that NAT don't work. > > What is wrong with my configuration? Have i forgotten something? > > > > > > > -------------------------------------------- > bycn82 <[email protected]> schrieb am Mo, 22.6.2015: > > Betreff: Re: ipfw3 > An: [email protected] > CC: "[email protected]" <[email protected]> > Datum: Montag, 22. Juni, 2015 01:47 Uhr > > hi, > sorry for > lacking of documentation. > > below are > sample steps to use in-kernel NAT with ipfw3. > Step1: make > sure the ipfw3_nat module was loaded > dev03#kldstat | grep > ipfw3_nat 5 1 0xffffffff83242000 > 3000 ipfw3_nat.ko > if the modules was not loaded, > then below command to load the kernel module > dev03#kldload > ipfw3_nat > > Step2: prepare > NAT config > dev03#ipfw3 nat 1 config > if em0ipfw nat > 1 config if em0 > which > means it will do MASQUERADE using interface > em0. > Step3: NAT the > traffic. NAT is just ip translate. so both > direction should go through the same NAT > config. > dev03#ipfw3 > add nat 1 tcp via em0 > > this means both in and out traffic > on interface em0 will be filtered/ translated by NAT config > id 1. > > hope this helps, please try it and > if you have any question, just let me know, and > if you can help to come up with an tutorial by rephrasing > this and append with your experience, that would be very > helpful. > http://www.dragonflybsd.org/docs/ipfw2/ > is an wiki, there is a "edit page" > link. > regards,bycn82 > On 22 June 2015 at 02:31, > <[email protected]> > wrote: > Can > someone give me detailed/complete instructions how to > realize simple working nat with ipfw3 (including rc.conf and > configuration files). > > > > The informations on these sites turns out to be sadly sparse > for me: > > https://www.dragonflybsd.org/docs/ipfw2/ > > http://www.dragonflybsd.org/docs/ipfw2/modules/ > > > > > > > > > > > >
