On March 28, 2008 10:35 am Jay L. T. Cornwall wrote:
> Hi,
>
> I have a FreeBSD 7.0 machine bridging two segments of a network:
>
> vr0 <---> bridge0 <---> vr1
>
> bridge0 has both unregistered and public IP aliases. In addition to
> bridging, I need the machine to perform NAT on packets originating from
> an unregistered subnet (192.168.1.0/24) outbound on interface vr1 to a
> public IP and back again. No NAT'ing should occur behind vr1.
>
> I initially tried to set this up with ipfw diverting packets to natd
> like this:
> divert natd any from any to any via vr1
>
> This seemed to NAT packets outbound correctly, but the replies were
> never NAT'd back to the private IPs. I believe the presence of the
> bridge affects ipfw's ability to divert the appropriate packets. This
> configuration partly works:
> divert natd any from 192.168.1.0/24 to any
> divert natd any from any to <public IP>
Have you tried restricting your rules to only the vr1 interface, with
<public IP> configured directly on vr1:

divert natd ip from 192.168.1.0/24 to any out xmit vr1
divert natd ip from any to <public IP> in recv vr1

-- 
Freddie Cash
[EMAIL PROTECTED]
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
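The suggestion in the reply, written out as a small rc-style script (an added example, not code posted by either participant in the thread). It pins both divert rules to vr1 with `out xmit` / `in recv` so that traffic merely bridged through vr0 is never handed to natd, and it includes a self-check that refuses any rule using a bare `via` match, which is what caught the reply traffic in the original poster's first attempt. The public address 203.0.113.10, the rule numbers 1000/1001 and the natd divert port 8668 are assumptions chosen for the example; substitute the real `<public IP>`.

```shell
#!/bin/sh
# Added example: ipfw + natd rules that NAT only on vr1, following the
# reply's "out xmit vr1" / "in recv vr1" suggestion.
# Assumptions (not from the thread): 203.0.113.10 is a documentation
# placeholder for the public IP, rule numbers 1000/1001 are arbitrary,
# and 8668 is natd's default divert port.

PRIVATE_NET="192.168.1.0/24"
PUBLIC_IP="203.0.113.10"
OUT_IF="vr1"
NATD_PORT="8668"

# Emit the ipfw rule bodies. Outbound: only packets from the private
# subnet actually leaving on vr1. Inbound: only packets that arrive on
# vr1 addressed to the public IP. Nothing bridged via vr0 matches.
natd_rules() {
    cat <<EOF
add 1000 divert ${NATD_PORT} ip from ${PRIVATE_NET} to any out xmit ${OUT_IF}
add 1001 divert ${NATD_PORT} ip from any to ${PUBLIC_IP} in recv ${OUT_IF}
EOF
}

# Self-check: every rule must be bound to OUT_IF with xmit/recv, and no
# rule may use a bare "via" match (which would also catch bridged traffic
# seen on the other member interface). Returns 0 when the set is clean.
check_rules() {
    if natd_rules | grep -vE "(xmit|recv) ${OUT_IF}$" | grep -q .; then
        return 1
    fi
    if natd_rules | grep -q ' via '; then
        return 1
    fi
    return 0
}

# Load the rules into the running firewall. Needs root and ipfw(8).
# natd must listen on the same divert port, e.g.:
#   natd -p ${NATD_PORT} -a ${PUBLIC_IP}
# if_bridge(4) only presents member-interface traffic to ipfw when
# net.link.bridge.pfil_member=1 (the default).
apply_rules() {
    command -v ipfw >/dev/null 2>&1 || { echo "ipfw(8) not found" >&2; return 1; }
    check_rules || { echo "rule set failed self-check" >&2; return 1; }
    natd_rules | sed 's/^/ipfw -q /' | sh
}

# "print" (default) shows the rules; "apply" loads them.
case "${1:-print}" in
    apply) apply_rules ;;
    *)     natd_rules ;;
esac
```

Run it with no argument to review the generated rules, and with `apply` on the FreeBSD box once natd is running on the same divert port.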