FreeBSD 11.0 Stable: ipfw nat show? where show?

Hello!

FreeBSD - AMD64
Code:
10.3-STABLE FreeBSD 10.3-STABLE #0 r308165M:
# ipfw nat 1 show
nat 1: icmp=3, udp=27, tcp=77, sctp=0, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=107

Code:
11.0-STABLE FreeBSD 11.0-STABLE #0: Mon Nov 14 17:54:37

# ipfw nat 1 show
ipfw: Please specify action. Available: config,log

Where nat show FreeBSD 11.0?
 
I don't use IPFW but my first guess would be that the second server doesn't have a NAT rule #1. The commands you're using only show NAT rule #1. What does ipfw nat show config output?
 
All NAT show:
Code:
root@test11:~ # ipfw nat show log
nat 1: icmp=0, udp=0, tcp=0, sctp=0, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=0
nat 2: icmp=0, udp=0, tcp=0, sctp=0, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=0
Single NAT doesn't show:
Code:
root@test11:~ # ipfw nat 1 show log
ipfw: unknown redir mode
ipfw nat 1 config if vlan23 log same_portsroot@test11:~ #
 
Can you show us the actual rules? It looks like there might be an error with the rules.
 
FreeBSD 10.3:
Code:
nat 1 config log if vlan23 same_ports redirect_addr 192.168.23.23 11.22.33.44
add 01005 nat 1 all from 192.168.23.23 to any out xmit vlan23
add 01010 nat 1 all from any to 11.22.33.44 in recv vlan23
nat 2 config ip 11.22.33.45 log same_ports reset deny_in
add 01015 nat 2 all from 192.168.22.0/24 to any out xmit vlan23
add 01020 nat 2 all from any to 11.22.33.45 in recv vlan23

ipfw nat 1 show
nat 1: icmp=0, udp=0, tcp=0, sctp=0, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=0

ipfw nat 2 show
nat 2: icmp=0, udp=0, tcp=0, sctp=0, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=0
The same FreeBSD 11.0:
Code:
root@test11:/etc# ipfw nat 1 show
ipfw: Please specify action. Available: config,log

root@test11:/etc# ipfw nat 1 show log
ipfw: unknown redir mode
ipfw nat 1 config if vlan23 log same_portsroot@test11:/etc#

root@test11:/etc# ipfw nat 2 show log
ipfw nat 2 config ip 11.22.33.45 log deny_in same_ports reset
There is no statistics on each NAT.
 
This is still present.

But what's worse - it does not always translate:

Code:
Oct 10 04:59:01 ipfw-oper: 2134 Count UDP 91.62.23.172:8211 51.158.21.23:5006 in via tun3
Oct 10 04:59:01 ipfw-oper: 2136 Count UDP 91.62.23.172:8211 51.158.21.23:5006 in via tun3
Oct 10 04:59:01 ipfw-oper: 2395 Unreach 13 UDP 91.62.23.172:8211 51.158.21.23:5006 in via tun3
Oct 10 04:59:06 ipfw-oper: 2134 Count UDP 91.62.23.172:63339 51.158.21.23:5006 in via tun3
Oct 10 04:59:06 ipfw-oper: 2136 Count UDP 91.62.23.172:63339 192.168.2.55:5007 in via tun3
Oct 10 04:59:09 ipfw-oper: 2134 Count UDP 91.62.23.172:8211 51.158.21.23:5006 in via tun3
Oct 10 04:59:09 ipfw-oper: 2136 Count UDP 91.62.23.172:8211 51.158.21.23:5006 in via tun3
Oct 10 04:59:09 ipfw-oper: 2395 Unreach 13 UDP 91.62.23.172:8211 51.158.21.23:5006 in via tun3
Oct 10 04:59:09 ipfw-oper: 2134 Count UDP 91.62.23.172:63339 51.158.21.23:5006 in via tun3
Oct 10 04:59:09 ipfw-oper: 2136 Count UDP 91.62.23.172:63339 192.168.2.55:5007 in via tun3
Oct 10 05:00:34 ipfw-oper: 2134 Count UDP 91.62.23.172:8211 51.158.21.23:5006 in via tun3
Oct 10 05:00:34 ipfw-oper: 2136 Count UDP 91.62.23.172:8211 192.168.2.55:5007 in via tun3

Code:
# ipfw nat 3 show config
ipfw nat 3 config ip 51.158.21.23 same_ports unreg_only redirect_port tcp 192.168.2.55:5007 5006 redirect_port udp 192.168.2.55:5007 5006
# ipfw list 2134-2136
02134 count log proto udp
02135 nat 3 proto ip4
02136 count log proto udp

The 63309 session is the Android, the 8211 is the Laptop. The Android works always, the Laptop not.
 
Back
Top