Hi, I've tried the following:

em1 - ip 10.0.1.1/24
em2 - ip 11.0.3.1/24

route add 11.0.4.0/24 11.0.3.2
ipfw flush
ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1
ipfw add 2000 nat 2 all from 11.0.3.1 to 10.0.1.1
ipfw add 3000 nat 2 all from 11.0.4.2 to 11.0.3.1
ipfw add 4000 nat 1 all from 10.0.1.1 to 11.0.3.1
ipfw nat 1 config same_ports ureg_only ip 11.0.3.1
ipfw nat 1 config reverse same_ports ureg_only ip 11.0.4.2

What I see in tcpdump and logs is that rule 1000 converts the IP correctly:

10.0.1.2->10.0.1.1 ==> 11.0.3.1->10.0.1.1

while rule 2000 does nothing...

Thanks in advance,
Sami

On Sun, Jun 30, 2013 at 11:27 PM, Sami Halabi <sodyn...@gmail.com> wrote:

> Hi Eugene,
>
> It simply doesn't work for me, the reverse option doesn't work properly
> for me.... it keeps translating the source instead of the destination...
>
>
> On Sun, Jun 30, 2013 at 6:32 PM, Eugene Grosbein <eu...@grosbein.net> wrote:
>
>> On 30.06.2013 18:48, Sami Halabi wrote:
>> > Hi,
>> > I don't understand how reverse mode works exactly, and didn't find a good example.
>> >
>> >
>> > Can you try and help on the configuration?
>>
>> Well, that's pretty simple. Generally, NAT translates the source IP address
>> of the packet, keeping the destination IP intact. You need both source and
>> destination addresses to get translated. Reverse NAT does,
>> well, the reverse thing: it translates the destination IP, keeping the source IP
>> intact.
>> So, you just need to set up two ipfw nat instances, one "general" and one
>> "reverse",
>> and pass your packets through both instances.
>>
>> Eugene Grosbein
>>
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
>

--
Sami Halabi
Information Systems Engineer
NMS Projects Expert
FreeBSD SysAdmin Expert
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"