Date: Fri, 25 Jun 2010 16:16:46 GMT
From: David Naylor <naylor.b.david@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: conf/148144: [patch] add ipfw_nat support for rc.firewall simple type
Message-ID: <201006251616.o5PGGkYQ098382@www.freebsd.org>
Resent-Message-ID: <201006251620.o5PGK4PD091650@freefall.freebsd.org>
>Number: 148144 >Category: conf >Synopsis: [patch] add ipfw_nat support for rc.firewall simple type >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Jun 25 16:20:03 UTC 2010 >Closed-Date: >Last-Modified: >Originator: David Naylor >Release: FreeBSD-9 >Organization: Private >Environment: FreeBSD dragon.dg 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Sat Jun 19 19:08:38 SAST 2010 root@dragon.dg:/tmp/home/freebsd9/src/sys/DRAGON amd64 >Description: rc.firewall includes support for freebsd_nat_enable but it appears omitted in the "simple" firewall type. The attached patch adds such support. I have used this change for a while to provide support for NAT on my server. >How-To-Repeat: n/a >Fix: n/a Patch attached with submission follows: --- rc.firewall~ 2010-06-25 18:10:42.000000000 +0200 +++ rc.firewall 2010-06-25 18:11:16.000000000 +0200 @@ -318,6 +318,21 @@ fi ;; esac + case ${firewall_nat_enable} in + [Yy][Ee][Ss]) + if [ -n "${firewall_nat_interface}" ]; then + if echo "${firewall_nat_interface}" | \ + grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then + firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}" + else + firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}" + fi + ${fwcmd} nat 123 config log ${firewall_nat_flags} + ${fwcmd} add nat 123 ip4 from any to any via ${firewall_nat_interface} + fi + ;; + esac + # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} >Release-Note: >Audit-Trail: >Unformatted:
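Review bot: in the added `case ${firewall_nat_enable}` block, the inner `if [ -n "${firewall_nat_interface}" ]` has no else branch, so with firewall_nat_enable set to YES and firewall_nat_interface empty the simple ruleset loads with no NAT instance and no message. Emit a warning in that case, or fall back to `${oif}`, which the deny rule in the trailing context already uses as the outside interface. The instance number 123 is hard-coded in both `nat 123 config` and `add nat 123`; a single variable would keep the two lines in sync and let an administrator avoid a clash with another instance. The address test `^[0-9]+(\.[0-9]+){0,3}$` also accepts values such as 999.999 or a bare number, so a mistyped address is handed to `nat 123 config ... ip` unchecked; either tighten the pattern or document that a numeric value is always treated as an address. Finally, `log` is enabled unconditionally in the `config` line, which deserves a comment or a place in `firewall_nat_flags` so it can be turned off.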