From owner-freebsd-questions@FreeBSD.ORG Sat Nov 24 12:34:42 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 138C316A418 for ; Sat, 24 Nov 2007 12:34:42 +0000 (UTC) (envelope-from alaorneto@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.229]) by mx1.freebsd.org (Postfix) with ESMTP id C395613C442 for ; Sat, 24 Nov 2007 12:34:41 +0000 (UTC) (envelope-from alaorneto@gmail.com) Received: by nz-out-0506.google.com with SMTP id l8so19531nzf for ; Sat, 24 Nov 2007 04:34:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; bh=DRPTrtWroYCGOhGAnC/LoDDTMWN3hxbsk8mBOOT4ZDU=; b=sKjZaSbBnD9hwX1n4UVdn+/2V16C19WUZopWzLjXSSQMn2cMGkc7h35ibR5RWVcJgyNA6cXwHwkRbIzn/xB04cDT4S1Yw5xHUe6hqMi7eN/fglP7zlcMgViE+Bf7se2CW8ipblvn60+qwVE4z4wrU9jELA+rIeN5CvWImCUXAz8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=WAHGRHMDPcQkROId0e+xQnHTWMQYBFRi2byL6Xv2AdHRMGg7KM2aCTKIRXQWLUcqr2MV8zOQf/RGfGnPQWQo6gr3ZBhUZudeX1iRMNuO7BIHErzG+9nvDJZQ7TePXA3Yvicvl1J+8aybwblxBM5rH1ydW4qaCDj9EncRNA0ukzg= Received: by 10.142.76.4 with SMTP id y4mr34136wfa.1195907680242; Sat, 24 Nov 2007 04:34:40 -0800 (PST) Received: by 10.143.125.3 with HTTP; Sat, 24 Nov 2007 04:34:40 -0800 (PST) Message-ID: <2949641c0711240434m71fbbc0fj73c7af80f88bad6d@mail.gmail.com> Date: Sat, 24 Nov 2007 10:34:40 -0200 From: "Alaor Barroso de Carvalho Neto" To: "Ian Smith" In-Reply-To: MIME-Version: 1.0 References: <20071123151355.0B21416A4D4@hub.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org Subject: Re: routing problem X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Nov 2007 12:34:42 -0000 2007/11/24, Ian Smith : > > ipfw works fine too for these sorts of network policy separation :) So ipfilter is not recommended by you guyz? If that wasn't a typo, this is a non-contiguous netmask. I suspect you > want 255.255.255.224, assuming the default router is in the same subnet? > > Specifying CIDR notation with route and ifconfig can make netmask > fatfingering a bit less likely (eg here XXX.XXX.XXX.130/27) > > I'm not saying this odd netmask explains your problem, nor that I fully > understand the effect of non-contiguous netmasks, but it's worth fixing. My fault again, the mask is 255.255.255.224, I messed up the things the 27 come from XXX.XXX.XXX.XXX/27, you're right! But in the config file it's .224. On which machine/s is NAT translation taking place? Eg if 10.10/16 were > allowed access to the internet via here, where would they get NAT'd to > the external IP? > > Cheers, Ian > > The ipfilter was nating, but I'm not sure about the NAT rules inside the config file, I must recheck it monday, I just tested the redirection rules, do you think this can be the problem? Alaor