I'm working through a puzzle with a new ipfw configuration and am trying to confirm if the packets are being dropped by the in-kernel NAT (called by
    nat tablearg ip4 from any to any [recv|xmit] table(nat_from_if)
) or if there is something else going on.
While natd(8) has the -log_denied option, I don't see anything equivalent for ipfw configuration. The log option only appears to provide counts of connections, unless I'm missing something somewhere.
It would also be valuable to see if anything is getting through to the NAT that shouldn't be on a continuing basis.
I don't know that it was ever possible to "dump" the current NAT state table, but if there's a way to do that, it would be helpful as well.