On 19.07.2017 at 14:22, Andrey V. Elsukov wrote:
> Different NAT instances will not work for the same flow, because they
> have different state tables. Packets in both directions should pass
> through the same NAT instance.
> What do you see in tcpdump on the enc0 interface?

Ok, also tried with one nat instance, same result:
ipfw nat 1 config ip 10.26.1.1 log reverse
ipfw add 179 nat 1 log all from 10.26.2.0/24 to 10.24.66.0/24
ipfw add 179 nat 1 log all from 10.24.66.0/24 to 10.26.1.1 in recv enc0
LAN Interface:
14:40:32.441506 IP 10.26.2.11 > 10.24.66.25: ICMP echo request, id 45314, seq 256, length 8
14:40:33.441565 IP 10.26.2.11 > 10.24.66.25: ICMP echo request, id 45314, seq 512, length 8
14:40:34.441635 IP 10.26.2.11 > 10.24.66.25: ICMP echo request, id 45314, seq 768, length 8
enc0 interface
14:40:32.441553 (authentic,confidential): SPI 0x8fe95b44: IP 10.26.1.1 > 10.24.66.25: ICMP echo request, id 64122, seq 256, length 8
14:40:32.449671 (authentic,confidential): SPI 0xcbc867ea: IP 10.24.66.25 > 10.26.1.1: ICMP echo reply, id 64122, seq 256, length 8
14:40:33.441613 (authentic,confidential): SPI 0x8fe95b44: IP 10.26.1.1 > 10.24.66.25: ICMP echo request, id 64122, seq 512, length 8
14:40:33.450623 (authentic,confidential): SPI 0xcbc867ea: IP 10.24.66.25 > 10.26.1.1: ICMP echo reply, id 64122, seq 512, length 8
14:40:34.441683 (authentic,confidential): SPI 0x8fe95b44: IP 10.26.1.1 > 10.24.66.25: ICMP echo request, id 64122, seq 768, length 8
14:40:34.449786 (authentic,confidential): SPI 0xcbc867ea: IP 10.24.66.25 > 10.26.1.1: ICMP echo reply, id 64122, seq 768, length 8
ipfw -ta list
00179 4 112 Wed Jul 19 14:40:34 2017 nat 1 log ip from 10.26.2.0/24 to 10.24.66.0/24
00179 4 112 Wed Jul 19 14:40:34 2017 nat 2 log ip from 10.24.66.0/24 to 10.26.1.1 in recv enc0
Thanks,
Michael
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
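
Added illustration (not part of the original mail, and not ipfw or libalias code): a simplified Python model of the point in the quoted reply, that each NAT instance keeps its own state table, so a reply handed to a different instance than the one that aliased the request cannot be mapped back. The class and function names are hypothetical; the addresses and ICMP ids are the ones visible in the captures above.

```python
# Simplified model of per-instance NAT state (illustration only, not libalias).
from dataclasses import dataclass, field

@dataclass(frozen=True)
class IcmpEcho:
    src: str
    dst: str
    icmp_id: int
    seq: int
    reply: bool = False

@dataclass
class NatInstance:
    alias_ip: str
    next_id: int = 64122   # first alias id handed out; value seen on enc0 in the capture
    state: dict = field(default_factory=dict)    # (remote, alias_id) -> (inner_ip, inner_id)
    by_flow: dict = field(default_factory=dict)  # (inner_ip, inner_id, remote) -> alias_id

    def alias_out(self, p):
        """Outbound: rewrite the source to alias_ip and remember the mapping."""
        flow = (p.src, p.icmp_id, p.dst)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_id
            self.state[(p.dst, self.next_id)] = (p.src, p.icmp_id)
            self.next_id += 1
        return IcmpEcho(self.alias_ip, p.dst, self.by_flow[flow], p.seq)

    def dealias_in(self, p):
        """Inbound: restore the inner destination, or None if this instance holds no state."""
        hit = self.state.get((p.src, p.icmp_id))
        if p.dst != self.alias_ip or hit is None:
            return None
        inner_ip, inner_id = hit
        return IcmpEcho(p.src, inner_ip, inner_id, p.seq, reply=True)

def round_trip(out_nat, in_nat):
    """Alias one echo request through out_nat, then hand the peer's reply to in_nat."""
    request = IcmpEcho("10.26.2.11", "10.24.66.25", 45314, 256)
    on_wire = out_nat.alias_out(request)
    reply = IcmpEcho(on_wire.dst, on_wire.src, on_wire.icmp_id, on_wire.seq, reply=True)
    return on_wire, in_nat.dealias_in(reply)

if __name__ == "__main__":
    nat1, nat2 = NatInstance("10.26.1.1"), NatInstance("10.26.1.1")
    print("two instances:", round_trip(nat1, nat2)[1])  # nat2 never saw the request
    one = NatInstance("10.26.1.1")
    print("one instance: ", round_trip(one, one)[1])
```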