From owner-freebsd-questions Wed Dec 25 14:13:50 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5CA0337B401 for ; Wed, 25 Dec 2002 14:13:48 -0800 (PST) Received: from radzinschi.com (pcp02453773pcs.owngsm01.md.comcast.net [68.55.91.197]) by mx1.FreeBSD.org (Postfix) with ESMTP id 53AD443ED1 for ; Wed, 25 Dec 2002 14:13:46 -0800 (PST) (envelope-from marco@radzinschi.com) Received: from localhost (marco@localhost.radzinschi.com [127.0.0.1]) by radzinschi.com (8.12.6/8.12.6) with ESMTP id gBPMDNrM035880; Wed, 25 Dec 2002 17:13:24 -0500 (EST) (envelope-from marco@radzinschi.com) Date: Wed, 25 Dec 2002 17:13:23 -0500 (EST) From: Marco Radzinschi To: Adam Lofstedt Cc: Fernando Gleiser , Subject: Re: Can't route past gateway In-Reply-To: <20021225200959.55135.qmail@web12208.mail.yahoo.com> Message-ID: <20021225171214.T35858-100000@radzinschi.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, 25 Dec 2002, Adam Lofstedt wrote: > > yes, your message was posted. keppt it easy, it's a > > world-wide holiday, > > so the answers can take while. :) > > > Thanks... Sorry about this. I didn't mean to make it > seem hysterical or anything. > > > > > > > I have a freeBSD machine with two NICS that I am > > using > > > as a NAT gateway. No matter what I do, clients on > > my > > > LAN can't get past the gateway. They can ping > > both > > > the interal and external interfaces of the > > gateway, > > > but can't get outside. > > > > Either NAT is not working or the filter are blocking > > the packets. try doing an > > 'ipnat -l' and post the output. If the rules are > > loaded, drop the > > filters ('ipf -Fa') and try again from one client. > > > #ipnat -l > List of active MAP/redirect filters: > map x10 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp > 40000:60000 > map x10 192.168.1.0/24 -> 0.0.0.0/32 > > List of active sessions: > > I've tried ipf -Fa, but no luck yet. > > Thanks and happy holidays. > > Adam Lofstedt Have you issued an "ipf -y" command to synchronize IPFilter's address with the 0/32 rule? Marco Radzinschi E-Mail: marco@radzinschi.com Wed Dec 25 17:12:14 EST 2002 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message