Date: Wed, 07 Oct 2015 10:10:06 -0500
From: Mark Felder <feld@FreeBSD.org>
To: "Dr. Rolf Jansen" <rj@obsigna.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Struggling with IPFW on CURRENT
Message-ID: <1444230606.4186557.403881505.01840524@webmail.messagingengine.com>
In-Reply-To: <242ED31C-C8C1-403C-8676-42DA2F256134@obsigna.com>
References: <1444226262.4164898.403785985.524883DA@webmail.messagingengine.com> <56152CCD.3010302@madpilot.net> <1444228604.4174170.403845001.7FAB35BB@webmail.messagingengine.com> <242ED31C-C8C1-403C-8676-42DA2F256134@obsigna.com>

On Wed, Oct 7, 2015, at 09:43, Dr. Rolf Jansen wrote:
>
> You definitely need net.inet.ip.fw.one_pass=0 for stateful IPFW+NAT for
> the IPv4 traffic. IPv6 does not pass NAT anyway and is not affected.
>
> I assume that you have gateway_enable="YES" and
> ipv6_gateway_enable="YES" in your /etc/rc.conf — sometimes this becomes
> forgotten.
>
> Best regards
>
> Rolf
>

Yes, I do have those. My firewall has been fully functioning in pf for
years, but options for QoS in FreeBSD are poor. OpenBSD's QoS in their
newer pf is great. I've heard enough about dummynet to want to try it
out, but getting the most basic configuration working so I can convert
the rest of my firewall ruleset has been rather painful so far.

It seems I've been missing this rather important sysctl setting because
the traffic hasn't been flowing through my ruleset the way I expected it
to.

Thanks for your input!

-- 
Mark Felder
ports-secteam member
feld@FreeBSD.org
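
Added example (not part of the original message or of FreeBSD itself): a small POSIX sh audit for the three settings named in this thread, so they can be ruled out before debugging an IPFW+NAT ruleset. The function names and the file-path arguments are assumptions made for this example; it reads plain key=value lines only and does not follow rc.conf.local or other includes.

```sh
#!/bin/sh
# Added example, not from the thread: checks the three settings it names.
# Assumes plain key=value lines; rc.conf.local and includes are not followed.

# conf_value KEY FILE: print the last value assigned to KEY in FILE.
# Comments are dropped first, so a commented-out line never counts.
conf_value() {
    [ -r "$2" ] || return 0
    sed 's/#.*//' "$2" | awk -v k="$1" '
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", key)
            if (key == k) v = substr($0, index($0, "=") + 1)
        }
        END { gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v }'
}

# audit_ipfw_nat SYSCTL_CONF RC_CONF: report each setting that differs from
# the thread's advice; the return status is the number of findings.
audit_ipfw_nat() {
    findings=0
    v=$(conf_value net.inet.ip.fw.one_pass "$1")
    if [ "$v" != "0" ]; then
        echo "$1: net.inet.ip.fw.one_pass is '${v:-unset}', want 0 for stateful IPFW+NAT"
        findings=$((findings + 1))
    fi
    for knob in gateway_enable ipv6_gateway_enable; do
        v=$(conf_value "$knob" "$2")
        case $v in
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;   # values rc.subr treats as "yes"
            *)
                echo "$2: $knob is '${v:-unset}', want \"YES\""
                findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Run as: sh audit.sh /etc/sysctl.conf /etc/rc.conf
if [ "$#" -eq 2 ]; then
    audit_ipfw_nat "$1" "$2"
fi
```

On a running system, `sysctl net.inet.ip.fw.one_pass` shows the value currently in effect, which can differ from the file until it is reloaded.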