From: Michal Mertl
To: Maślanka Wojciech
Cc: Freebsd-questions
Subject: Re: ipnat and "ping" problem.
Date: Sat, 24 Dec 2005 11:20:54 +0100
Message-Id: <1135419654.881.3.camel@genius1.i.cz>

Maślanka Wojciech wrote on Fri 23. 12. 2005 at 23:07 +0100:
> This is my network:
> Internet---------------[rl0, 192.168.0.50_____10.0.0.1, rl1]------------------[10.0.0.2]
> On the 10.0.0.2 machine I can't ping any host on the Internet. I can ping only
> 10.0.0.1 and 192.168.0.50. :(
> What's wrong??
>
> [/usr/src]#uname -a
> FreeBSD freebsd.mila10.6 6.0-RELEASE FreeBSD 6.0-RELEASE
>
> [/usr/src]#ipfstat -io
> pass out quick all
> pass in quick all
>
> [/usr/src]#ipnat -l
> List of active MAP/Redirect filters:
> map rl0 10.0.0.0/24 -> 192.168.0.50/32 proxy port ftp ftp/tcp
> map rl0 10.0.0.0/24 -> 192.168.0.50/32 portmap tcp/udp auto
> map rl0 10.0.0.0/24 -> 192.168.0.50/32
>

You also need

map rl0 10.0.0.0/24 -> 192.168.0.50/32 icmpidmap icmp 64000:65535

The ipnat(5) documentation says that for this to work reliably you have to recompile the world with a limited PID_MAX, but it works without it.

> List of active sessions:
> MAP 10.0.0.2 3610 <- -> 192.168.0.50 8666 [66.249.85.83 80]
> MAP 10.0.0.2 3609 <- -> 192.168.0.50 8665 [66.249.85.83 80]
> MAP 10.0.0.2 3608 <- -> 192.168.0.50 8664 [66.249.85.19 80]
> MAP 10.0.0.2 3607 <- -> 192.168.0.50 8663 [194.204.152.34 53]
> MAP 10.0.0.2 3606 <- -> 192.168.0.50 8662 [66.249.85.83 80]
>

Michal