From: "Aleksey I. Yurlov"
Reply-To: aurlov@ptt.ru
Date: Wed, 25 Dec 2002 12:35:31 +0000
To: adaml@visimation.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Help with IPF and IPNAT

You didn't send any rules for it? Do you tune them?
Try to read this about ip filter installation and startup-time pulling.
http://www.freebsddiary.org/topics.php#ipfilter

adaml@visimation.com wrote:
> Argh! I've been pulling my hair out trying to get my NAT gateway going.
>
> I have two interfaces, one external and internal, servicing a private LAN.
> From the LAN I can ping the internal interface and the external interface,
> but I can't get past the ext. interface. For testing my rules are pass in
> all and pass out all. From the gateway itself I can ping anywhere outside
> or inside.
>
> I have tried loading IPNAT and IPF as loadable kernel modules by adding the
> following to /etc/rc.conf:
>
> gateway_enable="YES"
> network_interfaces="x10 dc0 lo0"
> ifconfig x10...
> ifconfig dc0...
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_program="/sbin/ipf"
> ipfilter_flags=""
> ipnat_enable="YES"
> ipnat_program="/sbin/ipnat"
> ipnat_flags=""
>
> Each interface is up and running. My default gateway in /etc/rc.conf is
> the gateway of the external NIC.
>
> Can anyone see anything wrong with what I am doing, or something missing?
> Do I need routed installed and running? I also tried
> forward_sourceroute="YES", but that didn't seem to help.
>
> Thanks,
> Adam Lofstedt

--
Best regards,
Aleksey I. Yurlov
aurlov@spdop.ru