Hi again, So far no solution.... Is there really no alternative in FreeBSD?
Sami בתאריך 1 ביול 2013 14:16, מאת "Sami Halabi" <sodyn...@gmail.com>: > Hi, > I did ping 10.0.1.1 from 10.0.1.2, so packet is 10.0.1.2 ->10.0.1.1 > > ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1 > if I have 10.0.1.1 in em1 no translation is done! > if I delete it (and add a static arp entry in 10.0.1.2 for mac of > 10.0.1.1) > rule 1000 translates well and I get packet from 11.0.3.1->10.0.1.1 > > > ipfw add 2000 nat 2 all from 11.0.3.1 to 10.0.1.1 > no translation is done at all! > > Sami > > > ipfw add 3000 nat 2 all from 11.0.4.2 to 11.0.3.1 > > ipfw add 4000 nat 1 all from 10.0.1.1 to 11.0.3.1 > > > > > > ipfw nat 1 config same_ports ureg_only ip 11.0.3.1 > > ipfw nat 1 config reverse same_ports ureg_only ip 11.0.4.2 > > > > On Mon, Jul 1, 2013 at 1:42 PM, Eugene Grosbein <eu...@grosbein.net>wrote: > >> On 01.07.2013 17:05, Sami Halabi wrote: >> > Hi, >> > forgot to mention that but this sysctl is already set to 0. >> > i see in the logs packets pass 1000 rule. >> >> Use rules like 'ipfw add 1500 count log ip from any to any' to check >> intermediate results of translation. >> >> > > > -- > Sami Halabi > Information Systems Engineer > NMS Projects Expert > FreeBSD SysAdmin Expert > _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
