April 10, 2010 (Sat)


ipfw nat

PC Arbeit: switched NAT from natd(8) to the in-kernel NAT of ipfw(8).

BEFORE: /etc/rc.firewall.local

case ${natd_enable} in
[Yy][Ee][Ss])
    if [ -n "${natd_interface}" ]; then
        ${fwcmd} add divert natd ipv4 from any to any via ${natd_interface}
    fi
    ;;
esac

AFTER: /etc/rc.firewall.local

case ${natd_enable} in
[Yy][Ee][Ss])
    if [ -n "${natd_interface}" ]; then
        ${fwcmd} add divert natd ipv4 from any to any via ${natd_interface}
    fi
    ;;
esac
case ${firewall_nat_enable} in
[Yy][Ee][Ss])
        if [ -n "${firewall_nat_interface}" ]; then
                if echo "${firewall_nat_interface}" | \
                        grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
                        if_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}"
                else
                        if_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}"
                fi
                ${fwcmd} nat 123 config log ${if_nat_flags}
                ${fwcmd} add 50 nat 123 ip4 from any to any via ${firewall_nat_interface}
        fi
        ;;
esac

Commented out the natd setting and added the ipfw nat ones in /etc/rc.conf.

#natd_enable="YES"
firewall_nat_enable="YES"        # Enable kernel NAT (if firewall_enable == YES)
firewall_nat_interface="ng0"        # Public interface or IPaddress to use
firewall_nat_flags="same_ports reset"        # Additional configuration parameters

Show config.

# ipfw nat show config
ipfw nat 123 config if ng0 log same_ports reset

# ipfw -a list
00050     0        0 nat 123 ip4 from any to any via ng0

Rule 00050 might need renumbering, since it precedes the localhost rule (via lo0).
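As an added example (not part of the original entry), the interface-versus-address branch and the two ipfw invocations from rc.firewall.local above, wrapped in a POSIX sh function whose first argument names the command to run. Passing `echo` instead of `/sbin/ipfw` gives a dry run that prints the rules without touching the firewall; the NAT instance number 123, rule number 50 and the sample values ng0 and 192.0.2.1 are assumptions for the example.

```shell
# Added example, not from the original post: build the ipfw kernel NAT
# commands from rc.conf-style values without executing ipfw.
#
# ipfw_nat_cmds FWCMD NAT_INSTANCE INTERFACE_OR_IP EXTRA_FLAGS
# FWCMD is "echo" for a dry run, "/sbin/ipfw" on a real host.
ipfw_nat_cmds() {
    fwcmd=$1
    nat_id=$2
    nat_target=$3
    nat_flags=$4

    # A bare IPv4 address selects a fixed alias address ("ip ..."); anything
    # else is treated as an interface name ("if ..."), whose address ipfw nat
    # follows as it changes (useful for PPP links such as ng0).
    if echo "$nat_target" | grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
        if_nat_flags="ip $nat_target $nat_flags"
    else
        if_nat_flags="if $nat_target $nat_flags"
    fi

    # First configure the NAT instance, then add the rule that diverts
    # packets crossing the public interface through it. Rule 50 sits
    # before the default lo0 rule, which is why it may need renumbering.
    "$fwcmd" nat "$nat_id" config log $if_nat_flags
    "$fwcmd" add 50 nat "$nat_id" ip4 from any to any via "$nat_target"
}

# Dry runs with echo in place of ipfw (sample values are constructed).
ipfw_nat_cmds echo 123 ng0 "same_ports reset"
ipfw_nat_cmds echo 123 192.0.2.1 "same_ports reset"
```

Running the block prints the `nat 123 config log if ng0 same_ports reset` line that matches the `ipfw nat show config` output above, and the second call shows how a literal address switches the instance to the `ip` form.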

IPv6 tunneling with gif(4) keeps working fine with this ipfw nat, with no changes needed on the gif side.

Further configuration of redirects with ipfw nat seems to be available, but I don't know how to do it, as there is little documentation.
