From: "fbsd"
To: "Arnold Lee"
Date: Wed, 12 Apr 2006 08:32:30 -0400
Subject: RE: problem with ipfilter(ipnat)

There is nothing wrong with FreeBSD 6.0. It's the way you activated ipf that is wrong. Ipfilter's ipnat function is not an independent function. You have to code this in rc.conf:

ipfilter_enable="YES"
ipnat_enable="YES"

and make sure there is no default ipf.rules file. Then ipf will use its default pass all rule, which results in the ipnat function working with a firewall rule of pass all.

Also your nat rules are incorrect.
The special alias 0.0.0.0/32 should be 0/32.

The FreeBSD handbook has a good section on ipfilter.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Arnold Lee
Sent: Wednesday, April 12, 2006 4:34 AM
To: freebsd-questions@freebsd.org
Subject: problem with ipfilter(ipnat)

I am in a small LAN and want to use fb 6.0 as a router to share internet access. I use mpd 3.18 to dial adsl on demand. I configured ipnat with:

map rl0 10.0.0.0/8 -> 0.0.0.0/32 portmap tcp/udp auto
map rl0 10.0.0.0/8 -> 0.0.0.0/32

And then I use my client computer (Windows 2000 Pro) to access the internet. It seems OK, but soon I realized that there are some websites I cannot access! For example, www.chinaunix.net is inaccessible! So are some ftp sites such as ftp.freebsd.org. It must be a problem of the FB6 box, because if I access the internet directly from the win2000 box, all those sites above are OK! What is wrong?

By the way, I do not use ipfirewall or other firewalls, and in rc.conf, I wrote "ipfilter_enable = NO, ipnat_enable= YES".

Can you help me?