From: Michael
Date: Thu, 05 Aug 2010 07:23:58 +0100
To: freebsd-ipfw@freebsd.org
Subject: nat and dynamic external address
Message-ID: <4C5A58FE.2050704@gmail.com>
List-Id: IPFW Technical Discussions

Hello.

Am I right in thinking that "if interface" and "reset" parameters should be enough to handle changing address (DHCP) on external interface?

My rules:

ipfw -q nat 1 config reset if $if_ext log same_ports
ipfw -q add nat 1 udp from $jail_ip to $dns out xmit $if_ext jail $jail_jid
ipfw -q add nat 1 udp from $dns to me in recv $if_ext

They work fine only when $if_ext gets its IP address during system boot-up. If DHCP server is unavailable at the time of rules loading then ipfw says:

ipfw: cannot get interface name

(The same happens without "SYNDHCP" option for ipfw in rc.conf)

It loads all rules anyway. Now after DHCP becomes available and $ext_if gets its IP address it turns out that NAT is still not working. I have to manually reload the same ruleset.

Any ideas how to solve that problem?

Michael