From: Коньков Евгений <kes-kes@yandex.ru>
Date: Thu, 17 Sep 2009 21:20:07 +0300
To: Ruben de Groot
Cc: Robert Huff, questions@freebsd.org
Subject: Re[2]: ipfw + NAT doesn't work
Message-ID: <1751911935.20090917212007@yandex.ru>
In-Reply-To: <20090917174501.GA34712@ei.bzerk.org>

Hello, Ruben.

>> If not ... how do I figure out what's wrong?
What are your ipfw rules?

On 17 September 2009 at 20:45:01, you wrote:

RdG> On Thu, Sep 17, 2009 at 10:14:15AM -0400, Robert Huff typed:
>>
>> I have a machine running
>>
>> FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58 EDT 2009 amd64
>>
>> It has this in the config file for the running kernel:
>>
>> options IPFIREWALL #firewall
>> options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
>> options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
>> options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
>> options IPFIREWALL_NAT #ipfw kernel nat support
>> options LIBALIAS
>>
>> It (10.0.0.1) connects correctly to another machine (10.0.0.3);
>> I know because .3 mounts one of .1's disks using Samba.
>> With the ipfw rules appended below, I can't NAT, nor should I
>> be able to. ("em0" faces the Internet; "em1" faces the other
>> machine.)
>> However: using these I still can't get through

RdG> Through to what? You seem to be able to connect on a local subnet, but
RdG> not to the internet through NAT, which you say is ok, because you shouldn't?
RdG> Please explain exactly what you want to do.

>> Have I forgotten something? Or misunderstood something?
>> If not ... how do I figure out what's wrong?

RdG> /var/log/security is a good place to start, as your config seems to log almost
RdG> all denies.

RdG> BTW, CURRENT is a development branch. Fine if you want to run it, but you
RdG> should do some basic debugging yourself before posting problems with it. And
RdG> then the -questions list is probably not the best place to find answers.

--
Best regards,
Коньков mailto:kes-kes@yandex.ru