From: Ahsan Barkati
Date: Wed, 3 Jul 2019 22:11:38 +0530
Subject: NAT in ipfw
To: freebsd-ipfw@freebsd.org
List-Id: IPFW Technical Discussions

Hi,

I have been trying to set up NAT using ipfw's in-kernel NAT. I want to configure NAT in one of the jails (say A) and let another jail (say B) be behind this NAT and be able to ping the host.

    ipfw -q add 14 nat 123 all from any to any via ${epair_host_nat}b out
    ipfw -q add 15 nat 123 all from any to me via ${epair_host_nat}b in

epair_host_nat is the name of the epair. One of the interfaces of this epair is associated with the host and the other with jail A. Jail B is connected to jail A via another epair, and I have added a route in jail B for the host IP. But I am not able to ping the host from jail B.

Please let me know if I am doing something wrong, and also suggest a way to debug this.

Thanks
-Ahsan