Date:      Thu, 17 Sep 2009 21:20:07 +0300
From:      Коньков Евгений <kes-kes@yandex.ru>
To:        Ruben de Groot <mail25@bzerk.org>
Cc:        Robert Huff <roberthuff@rcn.com>, questions@freebsd.org
Subject:   Re[2]: ipfw + NAT doesn't work
Message-ID:  <1751911935.20090917212007@yandex.ru>
In-Reply-To: <20090917174501.GA34712@ei.bzerk.org>
References:  <19122.17463.670129.782291@jerusalem.litteratus.org> <20090917174501.GA34712@ei.bzerk.org>

Hello, Ruben.

>>       If not ... how do I figure out what's wrong?
What are your ipfw rules?

You wrote on 17 September 2009, 20:45:01:

RdG> On Thu, Sep 17, 2009 at 10:14:15AM -0400, Robert Huff typed:
>> 
>>       I have a machine running
>> 
>> FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58 EDT 2009 amd64 
>> 
>>       It has this in the config file for the running kernel:
>> 
>> options  IPFIREWALL              #firewall
>> options  IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
>> options  IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
>> options  IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
>> options  IPFIREWALL_NAT          #ipfw kernel nat support
>> options  LIBALIAS 
>> 
>>       It (10.0.0.1) connects correctly to another machine (10.0.0.3);
>> I know because .3 mounts one of .1's disks using Samba.
>>       With the ipfw rules appended below, I can't NAT, nor should I
>> be able to.  ("em0" faces the Internet; "em1" faces the other
>> machine.)
>>       However: using these I still can't get through

RdG> Through to what? You seem to be able to connect on a local subnet, but
RdG> not to the internet through NAT, which you say is ok, because you shouldn't?
RdG> Please explain exactly what you want to do.

>>       Have I forgotten something?  Or misunderstood something?
>>       If not ... how do I figure out what's wrong?

RdG> /var/log/security is a good place to start, as your config seems to log almost
RdG> all denies.
RdG> BTW, CURRENT is a development branch.  Fine if you want to run it, but you
RdG> should do some basic debugging yourself before posting problems with it. And
RdG> then the -questions list is probably not the best place to find answers.


-- 
Best regards,
 Коньков                          mailto:kes-kes@yandex.ru



