what is the result?

line 100 allow all
line 200 nat 1 tcp via xxx

sure it doesn't work

On 23 June 2015 at 21:36, <[email protected]> wrote:
> now I write a small script:
>
> kldload ipfw3_nat
> ipfw3 add allow all
> ipfw3 nat 1 config if bnx1
> ipfw3 add nat 1 tcp via bnx1
>
> But nat/firewalling still don't work.
>
> Any more suggestions?
>
> --------------------------------------------
> bycn82 <[email protected]> wrote on Tue, 23.6.2015:
>
> Subject: Re: ipfw3
> To: [email protected]
> CC: "[email protected]" <[email protected]>
> Date: Tuesday, 23 June 2015, 02:46
>
> you can write a script to load the modules and firewall rules first.
>
> On 22 June 2015 at 23:39, <[email protected]> wrote:
> yes, you are right: There is no traffic out via bnx1.
>
> It's for a business company. So no teamviewer is possible.
>
> Is there anything else that could be wrong, maybe in rc.conf?
> What about natd_enable ?
>
> > --------------------------------------------
> > bycn82 <[email protected]> wrote on Mon, 22.6.2015:
> >
> > Subject: Re: ipfw3
> > To: [email protected]
> > CC: "[email protected]" <[email protected]>
> > Date: Monday, 22 June 2015, 17:27
> >
> > yes, if you are using the latest DragonflyBSD source, then you can
> > print the NAT records like "ip show nat translation" on cisco routers.
> >
> > On 22 June 2015 at 23:22, <[email protected]> wrote:
> > That is a good question. Is "tcpdump -nettti bnx1" the right
> > command to verify this?
> >
> > > --------------------------------------------
> > > bycn82 <[email protected]> wrote on Mon, 22.6.2015:
> > >
> > > Subject: Re: ipfw3
> > > To: [email protected]
> > > Date: Monday, 22 June 2015, 17:11
> > >
> > > but do you have any traffic go out via bnx1 ?
> > >
> > > On 22 June 2015 at 23:08, <[email protected]> wrote:
> > > ok. I try it on another machine with 4.3 and without the options
> > > in kernel config. The result is the same.
> > >
> > > Some data:
> > > Internal NIC: bnx0, 192.168.100.188/24
> > > External NIC: bnx1, 192.168.10.229/24
> > >
> > > rc.conf:
> > > gateway_enable="YES"
> > > defaultrouter="192.168.10.200"
> > >
> > > Then:
> > > kldload ipfw3_nat
> > > ipfw3 nat 1 config if bnx1
> > > ipfw3 add nat 1 tcp via bnx1
> > >
> > > The outputs:
> > >
> > > kldstat:
> > >
> > > kernel
> > > acpi.ko
> > > ehci.ko
> > > xhci.ko
> > > ipfw3_nat.ko
> > > ipfw3_basic.ko
> > > ipfw3.ko
> > > libalias.ko
> > >
> > > ipfw3 show:
> > >
> > > 00100 0 0 nat 1 tcp via bnx1
> > > 65535 699 51067 deny
> > >
> > > ipfw3 nat show config:
> > > ipfw nat 1 config if bnx1
> > >
> > > Is something wrong?
> > >
> > > > --------------------------------------------
> > > > bycn82 <[email protected]> wrote on Mon, 22.6.2015:
> > > >
> > > > Subject: Re: ipfw3
> > > > To: [email protected]
> > > > CC: "[email protected]" <[email protected]>
> > > > Date: Monday, 22 June 2015, 15:33
> > > >
> > > > your rules are correct. And you don't need to add the options
> > > > in kernel config file, that belongs to IPFW
> > > > please provide output of below commands:
> > > > 1. kldstat
> > > > 2. ipfw3 show
> > > > 3. ipfw3 nat show config
> > > >
> > > > On 22 June 2015 at 21:08, <[email protected]> wrote:
> > > > Sorry, but this doesn't work.
> > > >
> > > > My external nic is ue0 and my internal nic is em0.
> > > >
> > > > I run 4.3 and a kernel with the following options:
> > > >
> > > > options IPFIREWALL
> > > > options IPDIVERT
> > > > options IPFIREWALL_DEFAULT_TO_ACCEPT
> > > > options IPFIREWALL_VERBOSE
> > > >
> > > > What I do:
> > > > In /etc/rc.conf: gateway_enable="YES"
> > > >
> > > > Then:
> > > > kldload ipfw3_nat
> > > > ipfw3 nat 1 config if ue0
> > > > ipfw3 add nat 1 tcp via ue0
> > > >
> > > > The result is that NAT doesn't work.
> > > >
> > > > What is wrong with my configuration? Have I forgotten something?
> > > >
> > > > > --------------------------------------------
> > > > > bycn82 <[email protected]> wrote on Mon, 22.6.2015:
> > > > >
> > > > > Subject: Re: ipfw3
> > > > > To: [email protected]
> > > > > CC: "[email protected]" <[email protected]>
> > > > > Date: Monday, 22 June 2015, 01:47
> > > > >
> > > > > hi,
> > > > > sorry for the lack of documentation.
> > > > >
> > > > > below are sample steps to use in-kernel NAT with ipfw3.
> > > > >
> > > > > Step1: make sure the ipfw3_nat module was loaded
> > > > > dev03#kldstat | grep ipfw3_nat
> > > > >  5    1 0xffffffff83242000 3000     ipfw3_nat.ko
> > > > > if the module was not loaded, then below command to load the
> > > > > kernel module
> > > > > dev03#kldload ipfw3_nat
> > > > >
> > > > > Step2: prepare NAT config
> > > > > dev03#ipfw3 nat 1 config if em0
> > > > > ipfw nat 1 config if em0
> > > > > which means it will do MASQUERADE using interface em0.
> > > > >
> > > > > Step3: NAT the traffic. NAT is just ip translate. so both
> > > > > directions should go through the same NAT config.
> > > > > dev03#ipfw3 add nat 1 tcp via em0
> > > > >
> > > > > this means both in and out traffic on interface em0 will be
> > > > > filtered/translated by NAT config id 1.
> > > > >
> > > > > hope this helps, please try it and if you have any question,
> > > > > just let me know, and if you can help to come up with a
> > > > > tutorial by rephrasing this and append with your experience,
> > > > > that would be very helpful.
> > > > > http://www.dragonflybsd.org/docs/ipfw2/ is a wiki, there is
> > > > > an "edit page" link.
> > > > >
> > > > > regards,
> > > > > bycn82
> > > > >
> > > > > On 22 June 2015 at 02:31, <[email protected]> wrote:
> > > > > Can someone give me detailed/complete instructions how to
> > > > > realize simple working nat with ipfw3 (including rc.conf and
> > > > > configuration files).
> > > > >
> > > > > The information on these sites turns out to be sadly sparse
> > > > > for me:
> > > > >
> > > > > https://www.dragonflybsd.org/docs/ipfw2/
> > > > > http://www.dragonflybsd.org/docs/ipfw2/modules/
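
An added example (not from the thread or the ipfw3 project): a small sh/awk check over a saved `ipfw3 show` listing that flags a nat rule with zero hits, packets falling through to the default deny rule, and a nat rule placed after an unconditional allow. It assumes the leading columns are rule number, packets and bytes, as in the listing quoted in the thread, and that an earlier `allow all` ends rule evaluation; the second listing and its counters are constructed.

```shell
#!/bin/sh
# Added example: audit a saved `ipfw3 show` listing read from stdin.
# Assumed columns, as in the listing quoted in the thread:
#   rule-number  packets  bytes  rule-body...
audit_rules() {
    awk '
    {
        num = $1; pkts = $2 + 0
        body = $4
        for (i = 5; i <= NF; i++) body = body " " $i
    }
    # Assumption: an unconditional allow ends evaluation (first match
    # wins), so a nat rule numbered after it is never reached.
    body == "allow all" && allow == "" { allow = num; next }
    $4 == "nat" {
        if (allow != "") print "SHADOWED " num " by " allow
        else if (pkts == 0) print "UNUSED " num
        next
    }
    # Packets counted on the default rule were dropped, not translated.
    num == "65535" && $4 == "deny" && pkts > 0 { print "DEFAULT-DENY " pkts }
    '
}

# Listing quoted in the thread.
thread_listing() {
    cat <<'EOF'
00100 0 0 nat 1 tcp via bnx1
65535 699 51067 deny
EOF
}

# Constructed listing for the later script (allow all added before nat);
# the counters are made up for illustration.
script_listing() {
    cat <<'EOF'
00100 1520 98211 allow all
00200 0 0 nat 1 tcp via bnx1
65535 0 0 deny
EOF
}

thread_listing | audit_rules   # UNUSED 00100, DEFAULT-DENY 699
script_listing | audit_rules   # SHADOWED 00200 by 00100
```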
