gistfile1.txt

root@nucklehead:~ # kenv net.inet.ip.fw.default_to_accept=1
net.inet.ip.fw.default_to_accept="1"
root@nucklehead:~ # kldload ipfw ipfw_nat
root@nucklehead:~ # sysctl net.inet.ip.fw.enable
net.inet.ip.fw.enable: 1
root@nucklehead:~ # sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 1 -> 1
root@nucklehead:~ # sysctl net.inet6.ip6.forwarding=1
net.inet6.ip6.forwarding: 1 -> 1
root@nucklehead:~ # sysctl net.inet.tcp.tso=0
net.inet.tcp.tso: 1 -> 0
root@nucklehead:~ # ipfw -q nat 1 config if em0 same_ports unreg_only reset
root@nucklehead:~ # ipfw disable one_pass
root@nucklehead:~ # ipfw add 1 allow ip from any to any via lo0
00001 allow ip from any to any via lo0
root@nucklehead:~ # ipfw add 100 reass all from any to any in
00100 reass ip from any to any in
root@nucklehead:~ # ipfw add 101 check-state
00101 check-state :default
root@nucklehead:~ # ipfw add 105 nat 1 ip from 10.0.0.0/8 to any out via em0
00105 nat 1 ip from 10.0.0.0/8 to any out via em0
root@nucklehead:~ # ipfw add 110 nat 1 ip from any to any in via em0
00110 nat 1 ip from any to any in via em0
root@nucklehead:~ # ipfw show
00001     0        0 allow ip from any to any via lo0
00100  3024   691781 reass ip from any to any in
00101     0        0 check-state :default
00105   272    20364 nat 1 ip from 10.0.0.0/8 to any out via em0
00110  1182   294309 nat 1 ip from any to any in via em0
65535 87877 36185708 allow ip from any to any
root@nucklehead:~ #