Date:      Sat, 6 Jul 2013 23:02:36 +1000 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Sami Halabi <sodynet1@gmail.com>
Cc:        freebsd-net@freebsd.org, Eugene Grosbein <eugen@grosbein.net>, freebsd-ipfw <freebsd-ipfw@freebsd.org>
Subject:   Re: DNAT in freebsd
Message-ID:  <20130706224310.R26496@sola.nimnet.asn.au>
In-Reply-To: <51D80193.5080401@grosbein.net>
References:  <CAEW%2BogYp61U2zjicksYekSdfmLLZh5g9QM3GUg4n16ZbudVZtg@mail.gmail.com> <CAEW%2BogZ=a6LZavOtcb_egNWFQ8bJP0gzP6pc90tu1dcWC9K80A@mail.gmail.com> <51D006F6.6060809@grosbein.net> <CAEW%2Bogbx15KiayBHFJ7T1YVGQ2pwm1ArQaSrjUk6XUOBgVPggA@mail.gmail.com> <51D04FA8.8080900@grosbein.net> <CAEW%2BogZQ1bHOBNvxkLqnFRrR_b4=e%2BYx9wUjWC8YYr__QsBe3w@mail.gmail.com> <CAEW%2BogZmd4Rz7OgTKV-k=tnSLgG0Y0-4XO%2BxuELznsgVo0XZ%2BA@mail.gmail.com> <51D14930.1060502@grosbein.net> <CAEW%2BogYW9YWZr6TnzqZ%2BHv_e_fFo-MKW1hTdWfw7w=qaCFw3Yg@mail.gmail.com> <51D15D06.9030300@grosbein.net> <CAEW%2BogZB9m%2B5FLyB2NXFbp=uSpvCq6fn4SPVZe2W58yQ-S_z4w@mail.gmail.com> <CAEW%2BogYef6esFDkxRefht1z==zdr5bsYv6S-FPgTyZ36GPR_Mg@mail.gmail.com> <51D390CA.5020803@freebsd.org> <51D3A1A0.8090904@freebsd.org> <51D3A35C.8070305@freebsd.org> <CAEW%2BogY8A3javUR=g5pP5iqa3yYfEToHuRg0J-ihnV8EV2U9SA@mail.gmail.com> <CAEW%2BogYCU43JdFFUxcUO_tSGupDZUgSC9Y=4n%2Br=AkOBz3dm-g@mail.gmail.com> <51D80193.5080401@grosbein.net>

On Sat, 6 Jul 2013 18:37:55 +0700, Eugene Grosbein wrote:
 > On 06.07.2013 14:47, Sami Halabi wrote:
 > > Hi,
 > > Any hope?
 > 
 > Have you used intermediate "ipfw count log" rules between "ipfw nat" rules
 > I recommended? If yes, why have you not shown those logs yet?
 > Include tcpdump output from external and internal interfaces too.

Sami, this was very good advice.  I'll go further and say add _lots_ of 
'count log' rules before and after each nat rule, one each for packets 
you might expect from different sources of interest, and to different 
destinations expected from your nat mapping, and also the unexpected.

Then run some test packets, afterwards running 'ipfw -t show' so you 
(and we) can clearly see which packets went which way and when.  This 
may help debugging greatly; we need you to tell less, and show us more.

Julian also put some time into a well detailed plan, based of course on 
assumptions reached with not a lot to go on; you should try using that, 
and feeding back some very specific results.

cheers, Ian
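
The bracketing described in the message above, as an added example that is not part of the original thread: a small generator that prints 'count log' rules for each flow of interest just before and just after one nat rule. The interface name, both addresses and the rule numbers are constructed placeholders.

```sh
#!/bin/sh
# Added example. Prints ipfw commands; review them, then pipe to sh on the router.
# Every value below is a constructed placeholder, not taken from the thread.
EXT_IF="em0"          # external interface (assumed)
EXT_IP="192.0.2.10"   # public address being redirected (assumed)
INT_IP="10.0.0.5"     # internal host the nat rule maps to (assumed)
NAT_RULE=1000         # number of the existing "nat" rule (assumed)

# Prerequisites on the router (standard ipfw sysctls):
#   net.inet.ip.fw.verbose=1   so "log" rules reach syslog
#   net.inet.ip.fw.one_pass=0  so packets continue to the rules after nat

# count_rules START LABEL: one counter per flow of interest, plus a total.
# Total minus the four specific counters gives the unexpected traffic.
count_rules() {
    n=$1
    for spec in \
        "from any to $EXT_IP in" \
        "from any to $INT_IP in" \
        "from $INT_IP to any out" \
        "from $EXT_IP to any out" \
        "from any to any"
    do
        # "count" never ends rule processing, so every counter is evaluated.
        echo "ipfw add $n count log ip $spec via $EXT_IF // $2"
        n=$((n + 1))
    done
}

# Emit one set of counters before the nat rule and one set after it.
gen_rules() {
    count_rules $((NAT_RULE - 10)) pre-nat
    count_rules $((NAT_RULE + 1)) post-nat
}

gen_rules
```

After sending test packets, compare the pre-nat and post-nat counters and timestamps in 'ipfw -t show': a flow that ticks before the nat rule but not in its translated form afterwards was not rewritten as expected.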
