IPFW NAT + Jail Issue

I'm trying to run nzbget and transmission inside a jail which is hosted on a cloned lo0 interface and has an address of 172.16.0.2.

No matter what rules I try, I cannot get the web interfaces to complete for either program when using ipfw. The authorisation box appears, I enter my details but then the page continuously attempts to load without ever actually completing.

Just to verify my networking I tried with pf and both pages loaded instantly.

ipfw show confirms traffic over the expected rules. I'm at a bit of a loss of what I should be looking at next.
 
Please post your ipfw ruleset and mask whatever you want to hide from the public. Without the ruleset we can't help you.
 
Depending on your NAT setup, the default sysctl setting net.inet.ip.fw.one_pass=1 may be problematic. You might want to try to set this value to 0.
 
Tell me about it. With this default value it's impossible to implement a useful stateful ipfw setup because you have to process incoming traffic further after NAT to update the state.
 
Tell me about it. With this default value it's impossible to implement a useful stateful ipfw setup because you have to process incoming traffic further after NAT to update the state.
Well, yes, a stateful NAT'ted firewall using ipfw(8) won't work with leaving the sysctl variable net.inet.ip.fw.one_pass at the default value of 1, i.e. one pass enabled. For this reason, I set this variable always to 0.
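One way to check a ruleset for the one_pass problem discussed in the replies above, as an added example that is not part of any poster's message. The helper name audit_one_pass, the sample ruleset and the interface em0 are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. audit_one_pass is a hypothetical helper.
# stdin: output of `ipfw list`; $1: value of net.inet.ip.fw.one_pass.
# Returns 1 (and names the rules) when one_pass=1 and stateful rules follow a
# nat rule, because packets handled by that nat rule stop there and never
# reach check-state/keep-state.
audit_one_pass() {
    awk -v one_pass="$1" '
        $2 == "nat" {                       # field 1: rule number, field 2: action
            if (!seen) { seen = 1; nat_rule = $1 }
            next
        }
        seen && /check-state|keep-state/ {
            stateful++
            if (one_pass == 1)
                printf "rule %s: skipped by packets that matched nat rule %s\n", $1, nat_rule
        }
        END { exit (one_pass == 1 && stateful > 0) }
    '
}

# Constructed sample of `ipfw list` output (interface em0 is an assumption).
SAMPLE_RULES='00100 nat 1 ip from any to any in via em0
00101 check-state :default
00120 skipto 1000 tcp from any to any 80 out via em0 setup keep-state :default
00999 deny log ip from any to any
01000 nat 1 ip from any to any out via em0
01001 allow ip from any to any'

# Demo on the sample; on a FreeBSD host use instead:
#   ipfw list | audit_one_pass "$(sysctl -n net.inet.ip.fw.one_pass)"
for value in 1 0; do
    if printf '%s\n' "$SAMPLE_RULES" | audit_one_pass "$value"; then
        echo "one_pass=$value: stateful rules are reachable after NAT"
    else
        echo "one_pass=$value: set net.inet.ip.fw.one_pass=0"
    fi
done
```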
 
Sorry for the late response. I spent a couple of days trying to get this figured out and just got rather fed up with it all, at which point I decided to change my network layout and let my Cisco router deal with NAT duties instead.
 