IPFW Jails on private ip with NAT

What I am trying to achieve is jails on a private network (lo1) with IPs in the range 10.0.0.0/16. IPFW is configured as default deny.

Each jail is configured to allow certain incoming and outgoing ports. Inter-jail traffic on lo1 is restricted to these ports, as is NAT traffic.

I have configured IPFW kernel NAT. I have used IPFW because it supports hairpin NAT and PF does not. I would like to use hairpin NAT because the jails may need to communicate with each other via the WAN interface.

I have used these sites as a guide to check my rules.
https://forums.freebsd.org/threads/ipfw-nat-setting.46929/
https://github.com/nileshgr/utilities/blob/master/admin/ipfw.rules.sh
http://nileshgr.com/2014/12/07/freebsd-ipfw-nat-jails

I am having a very hard time getting this to work. The first example (above) works for NAT, but that is because the last rule is allow everything.

Has anyone got a working IPFW script for 10.2-RELEASE to achieve what I am trying to achieve?
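As an added illustration (not a script from this thread or the linked guides, and not a tested answer), the generator below prints an IPFW rule set with the structure the question asks for: default deny, in-kernel NAT on the WAN interface, per-jail port allowances, and inter-jail traffic on lo1 limited to named ports. The WAN interface em0, the host address 198.51.100.10, the jail addresses 10.0.0.10 and 10.0.0.20, and the port choices are assumptions; allowed outbound flows use skipto into a NAT block so they are translated before being accepted, and the hairpin case is not addressed.

```shell
#!/bin/sh
# Prints an ipfw rule set for jails on lo1 (10.0.0.0/16) behind in-kernel NAT
# with default deny. Review with "sh jailfw.sh", load as root with
# "sh jailfw.sh | sh". Needs net.inet.ip.fw.one_pass=0 so a packet keeps
# traversing the rules after a nat action; "deny log" needs
# net.inet.ip.fw.verbose=1 to actually log.
WAN="em0"              # assumed WAN interface
WANIP="198.51.100.10"  # assumed public address of the host (documentation range)
JAILNET="10.0.0.0/16"
WEB="10.0.0.10"        # assumed web jail
DB="10.0.0.20"         # assumed database jail
NATRULE=3000           # skipto target: the outbound NAT block

jail_rules() {
    cat <<EOF
sysctl net.inet.ip.fw.one_pass=0
ipfw -q -f flush
ipfw -q nat 1 config if $WAN same_ports unreg_only reset redirect_port tcp $WEB:80 80 redirect_port tcp $WEB:443 443
ipfw -q add 100 allow ip4 from any to any via lo0
# untranslate inbound first so the remaining rules see jail addresses
ipfw -q add 200 nat 1 ip4 from any to any in via $WAN
ipfw -q add 300 check-state
# the host itself: ssh in, anything out (public address, so not translated)
ipfw -q add 400 allow tcp from any to $WANIP 22 in via $WAN setup keep-state
ipfw -q add 410 allow ip4 from $WANIP to any out via $WAN keep-state
# web jail: 80/443 in (redirected above), 53/udp and 80/443 out; skipto so
# the request or its reply passes the NAT block before being allowed
ipfw -q add 1000 skipto $NATRULE tcp from any to $WEB 80,443 in via $WAN setup keep-state
ipfw -q add 1010 skipto $NATRULE tcp from $WEB to any 80,443 out via $WAN setup keep-state
ipfw -q add 1020 skipto $NATRULE udp from $WEB to any 53 out via $WAN keep-state
# inter-jail traffic on lo1: only web -> db on 5432, everything else denied
ipfw -q add 2000 allow tcp from $WEB to $DB 5432 via lo1 setup keep-state
ipfw -q add 2010 deny log ip4 from $JAILNET to $JAILNET via lo1
# default deny; only packets that were skipto'd reach the NAT block below
ipfw -q add 2999 deny log ip4 from any to any
ipfw -q add $NATRULE nat 1 ip4 from any to any out via $WAN
ipfw -q add 3010 allow ip4 from any to any
EOF
}

jail_rules
```

Because rule 2999 denies everything that falls through, the final "allow" is only reachable via the skipto rules and their dynamic state entries.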
 