Date:      Mon, 02 Feb 2015 21:19:37 +0300
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: How to configure nat for interface which will be created later?
Message-ID:  <54CFBFB9.9040801@FreeBSD.org>
In-Reply-To: <54CFBDF7.30301@FreeBSD.org>
References:  <54CFBDF7.30301@FreeBSD.org>


On 02.02.2015 21:12, Lev Serebryakov wrote:

> It is possible to use a non-existing interface name in the via / xmit /
> recv options. This allows writing a firewall which works with, say, a
> VPN connection which is created AFTER the firewall is loaded on boot.
>
> But "nat X config if <iface>" doesn't allow using a non-existing
> interface name! It looks like a very strict limitation, as it
> doesn't allow including a VPN in the nat config!
>
> Is there any solution for this problem?
 Looking at "sbin/ipfw/nat.c:166" and "sys/netpfil/ipfw/ip_fw_nat.c",
it looks like this userland check is too restrictive.

 But I'm not sure that I'm right...

-- 
// Lev Serebryakov


