From owner-freebsd-questions@FreeBSD.ORG Sat Nov 24 15:41:55 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0AE7416A419 for ; Sat, 24 Nov 2007 15:41:55 +0000 (UTC) (envelope-from alaorneto@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.233]) by mx1.freebsd.org (Postfix) with ESMTP id CC48F13C43E for ; Sat, 24 Nov 2007 15:41:54 +0000 (UTC) (envelope-from alaorneto@gmail.com) Received: by nz-out-0506.google.com with SMTP id l8so30513nzf for ; Sat, 24 Nov 2007 07:41:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; bh=FMDPLqzczUQ1vrEG6jLCPUpDOw7NR3Hu2Rs3BsbU/UQ=; b=pkKv0+QU9uXK/jlfr2v46G17fBTkA6LjefsMJJwAq4ZxsL0TQf8KgrYzl+zQuujqflqA5qxF5dbfuItYRAf5wiwt9wfINVcouBLMsh1L8H8/s8zKs1hv+fE+vfwlQAt/RqUYB9xFHg1olD14C81UYl84slNaVUwGJJH8/ANity4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=g1vAKdzU9clvqXZMNoBv+waz+jspUCTaKnuBMZmERDuscZS8Y1jL+7VUR1i/VZCBzKXgnmEfFnaI2pNeppg3SKTmhOvsek94l46RQVi0HtdVRGU4Uzflw/W3sIXjGFv17hwlD/ypb7aVYZZ6OyPKqO6wlfdVK9CBJAd+AUXZozI= Received: by 10.142.77.11 with SMTP id z11mr46269wfa.1195918911772; Sat, 24 Nov 2007 07:41:51 -0800 (PST) Received: by 10.143.125.3 with HTTP; Sat, 24 Nov 2007 07:41:51 -0800 (PST) Message-ID: <2949641c0711240741i24ef2a1cj46c2ba0f5a33fd38@mail.gmail.com> Date: Sat, 24 Nov 2007 13:41:51 -0200 From: "Alaor Barroso de Carvalho Neto" To: "Ian Smith" In-Reply-To: MIME-Version: 1.0 References: <2949641c0711240434m71fbbc0fj73c7af80f88bad6d@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org Subject: Re: routing problem X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Nov 2007 15:41:55 -0000 2007/11/24, Ian Smith : > > No I didn't mean that; use your own favourite packet filter, any of them > can handle what you've described. Bill suggested pf - lots of people > seem to like it a lot - and I use ipfw because I (mostly) know how to. I always had linux servers, so I'm very familiar with iptables, I don't have a favorite BSD firewall yet, so that's why I'm asking. I choose ipfilter because I liked the tutorial in the FreeBSD handbook, but I don't know any features of the others, I even don't know ipfilter yet. Ok. Pasted output of 'ifconfig' and 'netstat -finet -nr' may help .. > it's easier to parse familiar machine output than textual descriptions. My BSD box don't have graphic interface and I must admit I'm suffering to use it, so that's why I'm transcripting the configs, but I'm gonna change that. Dunno. I'd just run tcpdump in a different terminal for each interface > and watch the traffic; what gets forwarded, or not, what gets translated > by NAT, or not. As you said, pings are a useful start, as can be adding > temporary firewall rules to log everything in and out per interface .. > > I know next to nothing about routed(8) and RIP, nor why you might prefer > it to static and cloned routing, but taking it out of the mix might help > with debugging until your basic routing and filtering works right? I think it's hard to be NAT even because I've disabled ipfilter and the problem still. I thought I would just set gateway_enable="YES" and things would start working, at least that was how I've seem in the docs, but like it didn't, I tried to set static routes. I don't know anything about routed too, I just know that it's supposed to build the routes on demand, or something like that. I'll copy the result of netstat on monday but the routes seems to be OK, they're there like they're supposed to be, at least I think they are right. Probably the problem is very stupid, but I feel like I've checked everything and I can't find the error, and like I'm not very familiar with BSD I'm losing my hope. Next week I'll try some things and if it don't work I think it's time to go back to linux. That's bad because I liked a lot the freebsd way of do the things. Thankz the attention guyz, hugs! Alaor