From: Don Dugger
To: freebsd-questions@freebsd.org
Date: Wed, 23 Apr 2014 13:55:40 -0700
Subject: ipfw & natd redirect_address

Hi all,

I need a little help.

my rc.conf:
==================================================================
gateway_enable="YES"
natd_enable="YES"
natd_interface="xl0"
natd_flags="-f /etc/natd.conf"
ifconfig_xl0="inet 74.92.224.225 netmask 255.255.255.0"
ifconfig_xl0_alias0="inet 74.92.224.227 netmask 255.255.255.255"
ifconfig_xl0_alias1="inet 74.92.224.226 netmask 255.255.255.255"
ifconfig_xl0_alias2="inet 74.92.224.228 netmask 255.255.255.255"
ifconfig_xl0_alias3="inet 74.92.224.229 netmask 255.255.255.255"
ifconfig_re0="up"
ifconfig_re1="up"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto loadbalance laggport re0 laggport re1 172.27.240.33 netmask 255.255.0.0"
firewall_client_net="172.27.0.0:255.255.0.0"
firewall_enable="YES"
firewall_logging="YES"
firewall_type="/etc/ipfw.rules"
==================================================================

my natd.conf:
==================================================================
interface xl0
use_sockets yes
same_ports yes
redirect_address 172.27.240.44 74.92.224.227
==================================================================

my ipfw.rules:
==================================================================
add 50 divert natd log ip4 from any to any via xl0
add 2000 pass all from 172.27.0.0:255.255.0.0 to 172.27.0.0:255.255.0.0 via 172.27.240.33
add 2040 deny log all from any 23 to any
add 2050 deny log all from any to any 23
add 2060 deny log all from any 111 to any
add 2070 deny log all from any to any 111
add 2080 deny log all from any 221 to any
add 2090 deny log all from any to any 221
add 2100 deny log all from any 222 to any
add 2110 deny log all from any to any 222
add 5000 pass all from any to any
==================================================================

Everything works fine except coming into 74.92.224.227 does not go to 172.27.240.44; it ends up on the gateway fine but not on the local LAN. HELP!!

thx in advance...

Don

PS please cc this email address, I'm not on the list.