From: Alexander
To: Brian Candler
Cc: freebsd-isp@freebsd.org
Date: Sat, 14 Jan 2006 18:01:14 +0200
Subject: Re: FreeBSD as Server
Message-ID: <43C9204A.1020401@matrixhome.net>
In-Reply-To: <20060114131427.GA5349@uk.tiscali.com>

I think that ipfw is native to FreeBSD - it works better than other packet filters. Am I right?

With ng_nat, the first trouble was in an mpd parameter - there is "set bundle enable compression".

The second trouble is the following: in the example I got these lines:

ipfw add 300 netgraph.... any to any....
ipfw add 400 netgraph.... any to any.....

Into the netgraph hook "out" I send only traffic from clients (in the example it was all traffic).
Into hook "in" I send all traffic from the external interface. But I ran into a problem with the network on the server: ping works fine, mtr doesn't work, telnet doesn't work. But why? When traffic that is not NATed in ng_nat is sent into hook "in" - it must simply go out of it? Or not? Where is the trouble?

Brian Candler wrote:

>On Fri, Jan 13, 2006 at 03:50:00PM +0200, Alexander wrote:
>
>>Now I am trying to configure ng_nat. I use the example from man ng_nat. Client
>>machines can ping inet hosts, but nothing loads over http or ftp or any other
>>tcp protocol. On the server, packets are NATed with a non-real IP. On another
>>server, under Linux, these packets are NATed again with the real IP. What can
>>I do with this?
>
>Probably easier to use one of the other firewalling techniques to do NAT
>rather than manually configure ng_nat.
>
>Your other options are:
>- ipfw + natd (old and venerable)
>- ipf
>- pf
>
>My personal favourite is pf (which came from OpenBSD). Configuring NAT is
>just one line in /etc/pf.conf.
>
>Regards,
>
>Brian.