'Re: ipfw3 nat help'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dragonfly-users
Subject:    Re: ipfw3 nat help
From:       Bill Yuan <bycn82 () gmail ! com>
Date:       2021-07-02 15:53:47
Message-ID: CAC+JH2wvB1hR8oLDR8FaRK8+kY6-4v+iDu_1vH5C182UwunPdg () mail ! gmail ! com
[Download RAW message or body]

Yes, already in the "git head".
You can "git pull" and "make kernel" to have the changes.

Regards,
Bill


On Thu, 1 Jul 2021 at 23:47, James Hobson <James.Hobson@jotron.com> wrote:

> How do I get the fixed version?
> Is this a classic rebuild from git head?
>
> James
>
> On 21 Jun 2021, at 17:38, Bill Yuan <bycn82@gmail.com> wrote:
>
> 
> Hi James,
>
> Thanks for pointing that issue out, it has been fixed.
>
> Regards,
> Bill Yuan
>
> On Tue, 15 Jun 2021 at 15:06, James Hobson <James.Hobson@jotron.com>
> wrote:
>
>> Hello!
>>
>> I'm trying to test out the ipfw3 nat module and I can't seem to get
>> anything to work! The example on the mailing list seems to be out of date
>> (the nat command takes an ip now, not an interface)
>>
>> The setup is this:
>> External nic: em0. IP: 192.168.0.178/24
>> Internal nic: igb0. IP: 172.23.0.1/24
>> Computer attached to internal nic: 172.23.0.2/24
>>
>> all IPs are static
>>
>> my script is as follows:
>> ---------------------------------------------------------
>> #!/bin/sh
>>
>>
>> INT="igb0"
>> EXT="em0"
>>
>>
>> if test -z "$(kldstat | grep ipfw3_nat.ko)"; then
>> kldload ipfw3_layer4
>> fi
>>
>> if test -z "$(kldstat | grep ipfw3_layer4.ko)"; then
>> kldload ipfw3_layer4
>> fi
>>
>> ipfw3 flush
>>
>> ipfw3 add allow all via $INT
>>
>> ipfw3 nat 1 config ip 192.168.0.178
>> ipfw3 add nat 1 all via $EXT
>> ipfw3 nat 1 show state
>>
>> ipfw3 add deny all
>> ---------------------------------------------------------
>>
>> my rc.conf contains:
>> ---------------------------------------------------------
>> ifconfig_em0="inet 192.168.0.178/24"
>> ifconfig_igb0="inet 172.23.0.1/24"
>> gateway_enable="YES"
>> --------------------------------------------------------
>>
>> my sysctl.conf is:
>> --------------------------------------------------------
>> net.inet.ip.forwarding=1
>> net.filters_default_to_accept=1
>> --------------------------------------------------------
>>
>> But I cannot ping 8.8.8.8 from the computer attached to the internal nic!
>> What am I going wrong?
>>
>> James
>>
>

[Attachment #3 (text/html)]

<div dir="ltr"><div class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:#000000">Yes, already in \
the &quot;git head&quot;.</div><div class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:#000000">You can \
&quot;git pull&quot; and &quot;make kernel&quot; to have the changes.</div><div \
class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:#000000"><br></div><div \
class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:#000000">Regards,</div><div \
class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:#000000">Bill</div><div \
class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:#000000"><br></div></div><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 1 Jul 2021 at 23:47, \
James Hobson &lt;<a href="mailto:James.Hobson@jotron.com">James.Hobson@jotron.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">



<div dir="auto">
How do I get the fixed version?
<div>Is this a classic rebuild from git head?<br>
<div><br>
<div dir="ltr">James</div>
<div dir="ltr"><br>
<blockquote type="cite">On 21 Jun 2021, at 17:38, Bill Yuan &lt;<a \
href="mailto:bycn82@gmail.com" target="_blank">bycn82@gmail.com</a>&gt; wrote:<br> \
<br> </blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"> Hi \
James,</div> <div class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"> <br>
</div>
<div class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"> Thanks for \
pointing that issue out, it has been fixed.    </div> <div class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"> </div>
<div class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"> <br>
</div>
<div class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"> \
Regards,</div> <div class="gmail_default" \
style="font-family:verdana,sans-serif;font-size:small;color:rgb(0,0,0)"> Bill \
Yuan</div> </div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, 15 Jun 2021 at 15:06, James Hobson &lt;<a \
href="mailto:James.Hobson@jotron.com" target="_blank">James.Hobson@jotron.com</a>&gt; \
wrote:<br> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"> <div dir="auto">
<div>Hello!<br>
<br>
I&#39;m trying to test out the ipfw3 nat module and I can&#39;t seem to get anything \
to work! The example on the mailing list seems to be out of date (the nat command \
takes an ip now, not an interface)<br> <br>
The setup is this:<br>
External nic: em0. IP: <a href="http://192.168.0.178/24" \
target="_blank">192.168.0.178/24</a><br> Internal nic: igb0. IP: <a \
href="http://172.23.0.1/24" target="_blank">172.23.0.1/24</a><br> Computer attached \
to internal nic: <a href="http://172.23.0.2/24" target="_blank"> \
172.23.0.2/24</a><br> <br>
all IPs are static<br>
<br>
my script is as follows:<br>
---------------------------------------------------------<br>
#!/bin/sh<br>
<br>
<br>
INT=&quot;igb0&quot;<br>
EXT=&quot;em0&quot;<br>
<br>
<br>
if test -z &quot;$(kldstat | grep ipfw3_nat.ko)&quot;; then<br>
<span style="white-space:pre-wrap"></span>kldload ipfw3_layer4<br>
fi<br>
<br>
if test -z &quot;$(kldstat | grep ipfw3_layer4.ko)&quot;; then<br>
<span style="white-space:pre-wrap"></span>kldload ipfw3_layer4<br>
fi<br>
<br>
ipfw3 flush<br>
<br>
ipfw3 add allow all via $INT<br>
<br>
ipfw3 nat 1 config ip 192.168.0.178<br>
ipfw3 add nat 1 all via $EXT<br>
ipfw3 nat 1 show state<br>
<br>
ipfw3 add deny all<br>
---------------------------------------------------------<br>
<br>
my rc.conf contains:<br>
---------------------------------------------------------<br>
ifconfig_em0=&quot;inet <a href="http://192.168.0.178/24" \
target="_blank">192.168.0.178/24</a>&quot;<br> ifconfig_igb0=&quot;inet <a \
href="http://172.23.0.1/24" target="_blank">172.23.0.1/24</a>&quot;<br> \
                gateway_enable="YES&quot;<br>
--------------------------------------------------------<br>
<br>
my sysctl.conf is:<br>
--------------------------------------------------------<br>
net.inet.ip.forwarding=1<br>
net.filters_default_to_accept=1<br>
--------------------------------------------------------<br>
<br>
But I cannot ping 8.8.8.8 from the computer attached to the internal nic!<br>
What am I going wrong?<br>
<br>
James</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
</div>
</div>

</blockquote></div>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic