From owner-freebsd-ipfw@FreeBSD.ORG  Fri Apr 30 16:23:17 2010
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 630AB1065670
	for <freebsd-ipfw@freebsd.org>; Fri, 30 Apr 2010 16:23:17 +0000 (UTC)
	(envelope-from dima_bsd@inbox.lv)
Received: from mgw1.apollo.lv (mgw1.apollo.lv [80.232.168.216])
	by mx1.freebsd.org (Postfix) with ESMTP id 1DF098FC1A
	for <freebsd-ipfw@freebsd.org>; Fri, 30 Apr 2010 16:23:16 +0000 (UTC)
Received: from [81.198.51.54] (unknown [81.198.51.54])
	by mgw1.apollo.lv (Postfix) with ESMTP id CC2983D99EA;
	Fri, 30 Apr 2010 19:23:14 +0300 (EEST)
From: Dmitriy Demidov <dima_bsd@inbox.lv>
To: freebsd-ipfw@freebsd.org
Date: Fri, 30 Apr 2010 19:23:13 +0300
User-Agent: KMail/1.9.10
References: <19418.39843.266203.180601@jerusalem.litteratus.org>
In-Reply-To: <19418.39843.266203.180601@jerusalem.litteratus.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <201004301923.13306.dima_bsd@inbox.lv>
X-Brightmail-Tracker: AAAAAA==
Cc: Robert Huff <roberthuff@rcn.com>
Subject: Re: help wanted with NAT under ipfw
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2010 16:23:17 -0000

On Friday 30 April 2010, Robert Huff wrote:
> 	I have been trying to get NAT working under ipfw on:
>
> FreeBSD 9.0-CURRENT #0: Fri Apr 23 11:34:17 EDT 2010 amd64
>
> 	and failing.
> 	The ipfw part works fine.  I'm using:
>
> ipfw_load="YES"
> ipfw_nat_load="YES"	# in-kernel ipfw nat
> libalias_load="YES"	# for in-kernel ipfw nat
>
> 	my ipfw rules are appended.
> 	However, the moment I do this:
>
> ipfw add 5000 nat 15 all from any to any
> ipfw nat 15 config log same_ports if em0
>
> 	the machine is cut off from the outside world.  Removing that
> rule makes things right again.  (Obviously checking whether NAT is
> happening is useless.)
> 	I've read the man page; I've read the Handbook.  Neither are
> helpful.
> 	What am I doing wrong?
>
> 	Respectfully,
>
>
> 				Robert Huff

Hi,

This could happen because of old annoying bug (or "feature"?) that seats 
somethere in the middle of libalias and em driver:
http://www.freebsd.org/cgi/query-pr.cgi?pr=143939&cat=kern

Try to turn off RXCSUM,TXCSUM on em interface:

ifconfig em0 -rxcsum -txcsum -tso

Good luck.