Comments on: IPFW3 and NAT

By: bycn82

bycn82 — Thu, 21 Jan 2016 00:50:20 +0000

bycn82 — Fri, 26 Jun 2015 08:57:47 +0000

Nice,
I like your script, it is clean and clear.

Nobody — Thu, 25 Jun 2015 20:59:29 +0000

Is pf also an in-kernel NAT in Dfly?

DragonCanFly — Thu, 25 Jun 2015 20:09:34 +0000

>> it is a in-kernel NAT
>>
What does it mean?

Nans — Thu, 25 Jun 2015 13:19:32 +0000

I’ve made some small changes and it worked like a charm (INT-NIC: bnx0, OUT-NIC: bnx1):

#!/bin/sh
kldload ipfw3_nat
kldload ipfw3_layer4

ipfw3 flush

ipfw3 add allow all via lo0
ipfw3 add allow all via bnx0

ipfw3 nat 1 config if bnx1
ipfw3 add nat 1 tcp via bnx1

ipfw3 add check-state
ipfw3 add deny tcp established
ipfw3 add allow all out via bnx1 keep-state

ipfw3 add deny all

Anonymous — Thu, 25 Jun 2015 02:39:19 +0000

it is a in-kernel NAT