Date: Tue, 14 Oct 2003 11:40:57 -0700
From: DavidB <odyseus00@whatistruth.net>
To: freebsd-stable@freebsd.org
Subject: Re: IPNAT/Slow TCP/Pings fine/4.8-REL
Message-ID: <3F8C4339.5000509@whatistruth.net>
In-Reply-To: <58210000.1066091152@lerlaptop.lerctr.org>
References: <10390000.1066022394@lerlaptop.lerctr.org> <20031013140359.5e3ba652.cpressey@catseye.mine.nu> <58210000.1066091152@lerlaptop.lerctr.org>

Larry Rosenman wrote:

>
>
> --On Monday, October 13, 2003 14:03:59 -0700 Chris Pressey
> <cpressey@catseye.mine.nu> wrote:
>
>> On Mon, 13 Oct 2003 00:19:54 -0500
>> Larry Rosenman <ler@lerctr.org> wrote:
>>
>>> I was trying(!) to help a friend out, and built a 4.8-REL box
>>> to play Router/NAT and it's ALMOST working. I can't seem to telnet/surf
>>> from NAT'd addresses, but PING works fine.
>>> [...]
>>> What am I missing? What else do you/I need?
>
> This was with the ipfilter ipnat. I tried ipfw, and had the IPDIVERT
> and the same symptoms.
>
> What's got me is the fact that I can PING, and apparently do DNS
> lookups, but TCP just doesn't. :-(
>
> LER
>
>>>
>>> Thanks for any QUICK replies!
>>
>>
>> "options IPDIVERT" in your kernel config...?
>>
>> -Chris
>> _______________________________________________
>> freebsd-stable@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
>>
>
>
>

If you would post this to freebsd-questions you would probably get
better service, since it is most likely a configuration issue.

And yes, it is my understanding that IPDIVERT is not needed for IPFILTER
and ipnat. Anyone?

The rc.conf gateway_enable option and setting the sysctl forwarding
option do the same thing; someone more knowledgeable can answer
that one. Oh, I just checked: it sets the forwarding but not
fastforwarding. So you need either method you choose; both is redundant.

You are not very descriptive:
can ping?
ping [ip.num.for.localhost] or
ping [ip.num.for.externalhost] or
ping [host.domain.tld]

apparently do name lookups??
Are you getting good results from
nslookup www.abcnews.com or such?

I think there is a top-like command line option for ipfilter you can use
to see what ipfilter is doing, but I am not sure if it is helpful with
ipnat.

Posting to questions instead, I think, is appropriate.

Have a good day,
David