In short: test a network with an internal IP address in the 100.64.0.0/10 range with port_alias **LOWER** **UPPER** in IPFW, and see if NAT is performed.
Explained:
Compile a HEAD with this patch and reboot.
Add the following to /etc/rc.conf:
```
ifconfig_lan0="inet 100.64.0.1 netmask 255.255.255.0"
firewall_enable="YES"
firewall_nat_enable="YES"
firewall_script="/etc/ipfw.conf"
```
Add the following to /etc/ipfw.conf:
```
#!/bin/sh
ipfw -q flush
ipfw nat 1 config if wan0 unreg_cgn port_alias 2000 3000
ipfw add 100 nat 1 ip from any to me in via wan0
ipfw add 200 nat 1 ip from 100.64.0.0/24 to any out via wan0
ipfw add allow ip from any to any
```
Replace 2000 and 3000 with your lower and upper port ranges. Keep in mind that both have to be greater than 1024, and **UPPER** (obviously) has to be greater than **LOWER**.
Replace wan0 with your WAN (outside) interface, and lan0 with your LAN (inside) interface.
Then run
```
kldload ipfw ipfw_nat
```
and
```
service netif restart
```
Then, add clients on the 100.64.0.0/24 subnet with the 100.64.0.1 gateway and 255.255.255.0 subnet mask.
You could also do DHCP, or NAT from a loopback interface; I won't mention that here.
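
The plan ends at "see if NAT is performed"; one way to check that the port_alias range is honoured is to look at the source ports leaving the WAN interface. The following is an added example, not part of the patch or its test plan: the function names, the WAN address 203.0.113.5 and the capture lines are constructed. It assumes only LAN clients generate traffic during the capture and treats the range as inclusive.

```sh
#!/bin/sh
# check_nat_ports WAN_IP LOWER UPPER
# Reads `tcpdump -n` text lines on stdin. Returns 0 only if at least one
# packet sourced from WAN_IP was seen and every one used a port in range.
check_nat_ports() {
    awk -v wan="$1" -v lo="$2" -v hi="$3" '
    $2 == "IP" && $4 == ">" {
        n = split($3, p, ".")          # "a.b.c.d.port" -> 5 parts
        if (n != 5) next               # no port (e.g. ICMP): not checked
        addr = p[1] "." p[2] "." p[3] "." p[4]
        port = p[5] + 0
        if (p[1] == 100 && p[2] >= 64 && p[2] <= 127) {
            # 100.64.0.0/10 source visible on the WAN side: NAT was skipped
            printf "LEAK %s: untranslated CGN source\n", $3; bad++
        } else if (addr == wan) {
            seen++
            if (port < lo || port > hi) {
                printf "RANGE %s: port outside %d-%d\n", $3, lo, hi; bad++
            }
        }
    }
    END {
        if (seen == 0) print "NODATA no packets sourced from " wan
        exit ((bad > 0 || seen == 0) ? 1 : 0)
    }'
}

# Constructed capture: aliased ports inside 2000-3000.
sample_good() {
    cat <<'EOF'
12:00:01.000001 IP 203.0.113.5.2417 > 198.51.100.7.80: Flags [S], seq 1, win 65535, length 0
12:00:01.010002 IP 198.51.100.7.80 > 203.0.113.5.2417: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:02.000003 IP 203.0.113.5.2999 > 198.51.100.7.9000: UDP, length 40
EOF
}

# Constructed capture: one port outside the range, one untranslated client.
sample_bad() {
    cat <<'EOF'
12:00:03.000001 IP 203.0.113.5.2001 > 198.51.100.7.80: Flags [S], seq 1, win 65535, length 0
12:00:03.000002 IP 203.0.113.5.40000 > 198.51.100.7.80: Flags [S], seq 5, win 65535, length 0
12:00:03.000003 IP 100.64.0.20.51000 > 198.51.100.7.443: Flags [S], seq 7, win 65535, length 0
EOF
}

# Live use (run on the gateway while a LAN client generates traffic):
#   tcpdump -n -l -c 200 -i wan0 'tcp or udp' | check_nat_ports <WAN_IP> 2000 3000
```

A `LEAK` line means a 100.64.0.0/10 source reached the WAN untranslated; a `RANGE` line means the aliased port fell outside the configured bounds.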