Re: DNAT in freebsd

2013-07-01 Thread Sami Halabi
Hi,

I've tried the following:

em1 - ip 10.0.1.1/24
em2 - ip 11.0.3.1/24
route add 11.0.4.0/24 11.0.3.2

ipfw flush
ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1
ipfw add 2000 nat 2 all from 11.0.3.1 to 10.0.1.1
ipfw add 3000 nat 2 all from 11.0.4.2 to 11.0.3.1
ipfw add 4000 nat 1 all from 10

Re: DNAT in freebsd

2013-07-01 Thread Eugene Grosbein
On 01.07.2013 14:30, Sami Halabi wrote:
> Hi,
>
> I've tried the following:
>
> em1 - ip 10.0.1.1/24
> em2 - ip 11.0.3.1/24
> route add 11.0.4.0/24 11.0.3.2
>
> ipfw flush
> ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1
> ipfw ad

Re: DNAT in freebsd

2013-07-01 Thread Sami Halabi
Hi,
forgot to mention that but this sysctl is already set to 0.
I see in the logs packets pass 1000 rule.

Sami

On Mon, Jul 1, 2013 at 12:17 PM, Eugene Grosbein wrote:
> On 01.07.2013 14:30, Sami Halabi wrote:
> > Hi,
> >
> > I've tried the following:
> >
> > em1 - ip 10.0.1.1/24

Re: DNAT in freebsd

2013-07-01 Thread Eugene Grosbein
On 01.07.2013 17:05, Sami Halabi wrote:
> Hi,
> forgot to mention that but this sysctl is already set to 0.
> I see in the logs packets pass 1000 rule.

Use rules like 'ipfw add 1500 count log ip from any to any' to check intermediate results of translation.

Current problem reports assigned to freebsd-ipfw@FreeBSD.org

2013-07-01 Thread FreeBSD bugmaster
Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker

Re: DNAT in freebsd

2013-07-01 Thread Sami Halabi
Hi,
I did ping 10.0.1.1 from 10.0.1.2, so packet is 10.0.1.2 -> 10.0.1.1

> ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1

If I have 10.0.1.1 in em1 no translation is done!
If I delete it (and add a static arp entry in 10.0.1.2 for mac of 10.0.1.1) rule 1000 translates well and I get packet from 1