Date: Thu, 29 Sep 2005 09:20:15 -0600
Message-Id: <200509290920.16204.aj@siegel-tech.net>
From: "Aaron Siegel"
To: freebsd-questions@freebsd.org
Subject: Problems with IPF after upgrading from 4.11 to 5.4

Hello

I am having problems with my gateway after upgrading from 4.11 to 5.4. The firewall rules that worked in 4.11 are not working in 5.4. I am able to access the internet from the gateway but not its clients. The only ruleset I can get to work is the "open" ruleset that is supplied with the distribution. When I use the ruleset that worked with 4.11 or the "simple" ruleset (modified to work with my network), the clients can access the gateway but not the internet.
My ISP provides a NAT router which does not provide the ability to disable NAT. I have commented out all the lines that block packets from the 192.168.0.0 network. I have compiled the IPFIREWALL and IPDIVERT options into the kernel and I have set up rc.conf, see below. Access to the internet seems slow; it takes a long time for a page to download. When performing a ping test the IP address is resolved quickly, so I do not think it is DNS. Is there anything that has changed from 4.11 to 5.4 that would cause this problem?

Thank You
Aaron

#Network Configuration
hostname="hal.siegel-tech.org"
ifconfig_dc0="192.168.0.2"
ifconfig_fxp0="192.168.245.1 netmask 255.255.255.0"
defaultrouter="192.168.0.1"

#Gateway Configurations
gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="dc0"