> >                    In Kernel Nat/Firewall
> >              /--------------------------\
> > +--------+   +------+   +-----+   +------+   +------+
> > | Client |---| igb0 |---| Nat |---| igb1 |---| Host |
> > +--------+   +------+   +-----+   +------+   +------+
> >
> > Requests originate from "client", come in via "igb0", get passed to "nat",
> > leave "igb1" reaching host .... no problem.
> >
> > 03000 nat 1 ip from any to any out via igb0

Yup.

> > The response leaving "host" comes in via "igb1", gets passed to "nat", and
> > gets clobbered by ipfw's deny rule (see below).
> >
> > 50100 nat 1 ip from any to me in via igb0

igb1 != igb0

I'd suggest applying nat to any traffic on igb1 in both directions. That makes
routing much easier (you never see the public NAT IP).

_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
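The difference between the thread's two directional rules and a single `via igb1` rule, shown with an added toy model (not ipfw, and not code from the thread) that only checks which firewall pass a nat rule would catch; the rule number for the suggested rule is a constructed choice, and allow/deny rules, NAT state and the one_pass sysctl are left out.

```python
"""Toy model of ipfw interface/direction matching: 'in via X', 'out via X' and
plain 'via X' (which ipfw applies to both directions). This is NOT ipfw:
addresses, protocols, NAT state, allow/deny rules and net.inet.ip.fw.one_pass
are deliberately left out; it only shows which passes a nat rule matches."""
from dataclasses import dataclass


@dataclass(frozen=True)
class NatRule:
    number: int
    direction: str   # "in", "out", or "any" for a bare "via" keyword
    iface: str

    def matches(self, direction: str, iface: str) -> bool:
        return iface == self.iface and self.direction in ("any", direction)


def nat_hits(rules, path):
    """For each firewall pass (direction, iface) a packet makes, return the
    lowest-numbered nat rule that matches it, or None if no nat rule does."""
    hits = {}
    for direction, iface in path:
        matched = [r.number for r in rules if r.matches(direction, iface)]
        hits[(direction, iface)] = min(matched, default=None)
    return hits


# The two rules quoted in the thread: "out via igb0" and "in via igb0".
ORIGINAL = [NatRule(3000, "out", "igb0"), NatRule(50100, "in", "igb0")]

# The reply's suggestion: nat igb1 in both directions, i.e. a single
# "nat 1 ip from any to any via igb1". The rule number 3000 is a constructed
# choice, not taken from the thread.
SUGGESTED = [NatRule(3000, "any", "igb1")]

# Passes each packet makes through the firewall, per the thread's diagram.
REQUEST = [("in", "igb0"), ("out", "igb1")]   # client -> host
RESPONSE = [("in", "igb1"), ("out", "igb0")]  # host -> client

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        # With ORIGINAL the response's inbound pass on igb1 matches no nat
        # rule, which is where the deny rule the thread mentions gets it.
        print(name, "request: ", nat_hits(rules, REQUEST))
        print(name, "response:", nat_hits(rules, RESPONSE))
```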
