Date:      Sat, 24 Dec 2005 11:20:54 +0100
From:      Michal Mertl <mime@traveller.cz>
To:        Maślanka Wojciech <wojciech.maslanka@gmail.com>
Cc:        Freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: ipnat and "ping" problem.
Message-ID:  <1135419654.881.3.camel@genius1.i.cz>
In-Reply-To: <fd28a7fd0512231407h5b623fcp@mail.gmail.com>
References:  <fd28a7fd0512231407h5b623fcp@mail.gmail.com>

Maślanka Wojciech wrote on Fri 23. 12. 2005 at 23:07 +0100:
> This is my network:
> Internet---------------[rl0, 192.168.0.50_____10.0.0.1, rl1]------------------[10.0.0.2]
> On the 10.0.0.2 machine I can't ping any host on the Internet. I can ping only
> 10.0.0.1 and 192.168.0.50. :(
> What's wrong??
> 
> 
> 
> [/usr/src]#uname -a
> FreeBSD freebsd.mila10.6 6.0-RELEASE FreeBSD 6.0-RELEASE
> 
> 
> [/usr/src]#ipfstat -io
> pass out quick all
> pass in quick all
> 
> 
> [/usr/src]#ipnat -l
> List of active MAP/Redirect filters:
> map rl0 10.0.0.0/24 -> 192.168.0.50/32 proxy port ftp ftp/tcp
> map rl0 10.0.0.0/24 -> 192.168.0.50/32 portmap tcp/udp auto
> map rl0 10.0.0.0/24 -> 192.168.0.50/32
> 

You also need
map rl0 10.0.0.0/24 -> 192.168.0.50/32 icmpidmap icmp 64000:65535

The documentation of ipnat(5) says that for this to work reliably
you have to recompile the world with a limited PID_MAX, but
it works without it.


> List of active sessions:
> MAP 10.0.0.2      3610  <- -> 192.168.0.50    8666  [66.249.85.83 80]
> MAP 10.0.0.2       3609  <- -> 192.168.0.50    8665  [66.249.85.83 80]
> MAP 10.0.0.2      3608  <- -> 192.168.0.50    8664  [66.249.85.19 80]
> MAP 10.0.0.2       3607  <- -> 192.168.0.50    8663  [194.204.152.34 53]
> MAP 10.0.0.2      3606  <- -> 192.168.0.50    8662  [66.249.85.83 80]
> 


Michal



