Date: Tue, 20 Jul 2010 17:08:38 +0100
From: Michael <mlmichael70@gmail.com>
To: Steve Bertrand <steve@ipv6canada.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: please help with NATing my jails
Message-ID: <4C45CA06.3070408@gmail.com>
In-Reply-To: <4C3B0ED7.9010807@ipv6canada.com>
References: <4C3AEA4E.50005@gmail.com> <4C3B0ED7.9010807@ipv6canada.com>

On 12/07/2010 13:47, Steve Bertrand wrote:
>
> ...do you need a second nat rule for the inbound traffic, or does nat
> handle that by itself? If you run tcpdump on the wlan interface, do you
> see the inbound traffic that relates to your request?
>

I don't know if I need that second rule but after adding rule

00035 nat 100 ip from not me to 127.127.127.1 via wlan0 keep-state

nothing changes, still the same problem. While I'm trying to get "host freebsd.org" from the jailed system, tcpdump on wlan0 says:

ARP, Request who-has 192.168.1.254 tell 192.168.1.254, length 28
ARP, Request who-has 192.168.1.111 tell 192.168.1.254, length 28
ARP, Reply 192.168.1.111 is-at 00:26:5e:e7:e8:78, length 28
ARP, Request who-has 192.168.1.94 tell 192.168.1.254, length 28
ARP, Request who-has 192.168.1.95 tell 192.168.1.254, length 28
ARP, Request who-has 192.168.1.96 tell 192.168.1.254, length 28
ARP, Request who-has 192.168.1.82 tell 192.168.1.254, length 28
IP 192.168.1.111.37766 > 208.67.222.222.53: 55415+ A? freebsd.org. (29)
IP 208.67.222.222.53 > 192.168.1.111.37766: 55415 1/0/0 A 69.147.83.40 (45)
IP 192.168.1.111 > 208.67.222.222: ICMP 192.168.1.111 udp port 37766 unreachable, length 36
IP 192.168.1.111.45007 > 208.67.220.220.53: 55415+ A? freebsd.org. (29)
IP 208.67.220.220.53 > 192.168.1.111.45007: 55415 1/0/0 A 69.147.83.40 (45)
IP 192.168.1.111 > 208.67.220.220: ICMP 192.168.1.111 udp port 45007 unreachable, length 36
IP 192.168.1.111.37766 > 208.67.222.222.53: 55415+ A? freebsd.org. (29)
IP 208.67.222.222.53 > 192.168.1.111.37766: 55415 1/0/0 A 69.147.83.40 (45)
IP 192.168.1.111 > 208.67.222.222: ICMP 192.168.1.111 udp port 37766 unreachable, length 36
IP 192.168.1.111.45007 > 208.67.220.220.53: 55415+ A? freebsd.org. (29)
IP 208.67.220.220.53 > 192.168.1.111.45007: 55415 1/0/0 A 69.147.83.40 (45)
IP 192.168.1.111 > 208.67.220.220: ICMP 192.168.1.111 udp port 45007 unreachable, length 36

So once again my rules are:

ipfw -q -f flush
ipfw add 00010 allow all from 127.0.0.1 to 127.0.0.1 via lo0
ipfw add 00020 check-state
ipfw add 00030 nat 100 ip from 127.127.127.1 to any via wlan0 keep-state
ipfw nat 100 config ip 192.168.1.111 log
ipfw add 00040 allow all from any to any

Any ideas please?

Michael