Differential D23981
ipfw: Add support for NAT on different routing tables Authored by nc on Mar 5 2020, 11:18 PM. Tags Referenced Files
Details
ipfw: Add support for NAT on different routing tables. This patch adds an option "fib FIB_NO" to the "ipfw nat" command which lets you set the routing table on the NAT instance to FIB FIB_NO. We also make ipfw tag NAT packets on a routing table if specified. This can be useful in say, using two connections via one router. Submitted by: Neel Chauhan <neel AT neelc DOT org> Compile HEAD with this patch. Add the following to /etc/rc.conf cloned_interfaces="lo1" ifconfig_lo1="inet 10.0.0.1 netmask 255.255.255.255" ifconfig_lo1_alias0="inet 10.0.0.2 netmask 255.255.255.255" firewall_enable="YES" firewall_type="OPEN" firewall_nat_enable="YES" firewall_script="/etc/ipfw.conf" And the following to /etc/ipfw.conf: #!/bin/sh ipfw -q flush ipfw nat 1 config ip IP1 fib 1 ipfw nat 2 config ip IP2 ipfw add 100 nat 1 ip from any to IP1 in via wan0 ipfw add 101 nat 2 ip from any to IP2 in via wan0 ipfw add 200 nat 1 ip from 10.0.0.1/32 to any out via wan0 ipfw add 201 nat 2 ip from 10.0.0.2/32 to any out via wan0 ipfw add allow ip from any to any Replace wan0 with your WAN interface, IP1 with the IP on fib 1, and IP2 with the IP on fib 0 (default). Then, you can test traceroute to CloudFlare DNS (1.1.1.1) or any test IP like this: setfib 1 traceroute -s 10.0.0.1 1.1.1.1 # IP1 setfib 0 traceroute -s 10.0.0.2 1.1.1.1 # IP2
Diff Detail
Event TimelineComment Actions Here, I fix the argument parsing. I realized it was broken when I loaded a backported version of this on my router (HP T730). Comment Actions I'm sorry, but I do not see anything functionally connected with the new fib number. Comment Actions This patch DOES work with multiple FIBs, however, only on the same interface. Abandoning revision as I was able to replcate this via setfib. |