Date:      Sun, 7 May 2000 22:35:10 -0400
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        Allen Lu <allenklu@yahoo.com>
Cc:        questions@freebsd.org
Subject:   Re: ipfirewall (ipfw)
Message-ID:  <20000507223510.F23187@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <20000508014707.3683.qmail@web2101.mail.yahoo.com>; from allenklu@yahoo.com on Sun, May 07, 2000 at 06:47:07PM -0700
References:  <20000508014707.3683.qmail@web2101.mail.yahoo.com>

On Sun, May 07, 2000 at 06:47:07PM -0700, Allen Lu wrote:
> --- "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> wrote:
> > [Can you turn off the forced line-wrapping in your mailer? It makes
> > things very hard to read.]
> 
> I've set it to 80. Was 75 and 55 before. It looks like Yahoo mail does not
> have a no-wrapping option.
>  
> > On Sun, May 07, 2000 at 09:40:28AM -0700, Allen Lu wrote:
> > > Hi I made the modifications as suggested however I
> > > still do not get 216.218.224.107 forwarded to
> > > 192.168.1.10. It goes directly to the firewall. Here
> > > is my current config:
> 
> I too agree that this is getting strange because the suggestion by Oliver to
> use the redirect_port did not work either. It seems that my config is totally
> ignored. I've been recompiling the kernel. Do you suggest I go to a fresh copy
> again?
> 
> > > > options         IPFIREWALL_FORWARD      #enable
> > > > transparent proxy support
> > 
> > This is not needed.
> 
> Will it hurt to keep it in?

No.
  
> > > > Also, change your rc.conf alias line to..
> > > > 
> > > > ifconfig_rl0_alias0="inet 216.218.224.107 netmask
> > > > 255.255.255.255 
> > > > broadcast 216.218.224"
> > 
> > This is correct.
> 
> What I had before, ifconfig rl0 alias 216.218.224.107 netmask 255.255.255.248,
> was fine too.

It's not actually correct and could cause subtle problems.

> > > > The netmask needs to be 255.255.255.255 or you will
> > > > not be able to route
> > > > packets between IPs as the machine is looking for
> > > > something that is
> > > > physically on the net and not just an alias.  Packet
> > > > forwarding needs to
> > > > be on to allow static routing.
> > 
> > I do not understand why this would not be working for you. Have you
> > made any customizations to rc.firewall? When your system is up and
> > running could you provide the output of,
> 
> I thought the rc.firewall may have had wrong entries. I modified the entries to
> match my NICs at rl0 and rl1. Didn't modify anything else. For now I am only
> using the open policy.

Might be OK. As we see below, the problem occurs before then.

[snip expected, proper information]

> >   # ipfw show
> 
> rogue# /sbin/ipfw show
> 00100    0      0 allow ip from any to any via lo0
> 00200    0      0 deny ip from any to 127.0.0.0/8
> 65000 3281 345053 allow ip from any to any
> 65535    0      0 deny ip from any to any
> 
> >   # ps aux | grep natd
> 
> natd is not running. How is this so? Doesn't natd run by the rc.conf line
> natd_enable="YES"?
> 
> But for now this is my config.

Something is not working. natd(8) is not running and you do not have
the divert(4) rule for natd in your ipfw(8) rules. At least we know
where the problem is now. 

And I think I spotted it. You are going to groan. It looks like you
have,

  natd_enabled="YES"

In /etc/rc.conf rather than,

  natd_enable="YES"

D'oh! ;)
-- 
Crist J. Clark                           cjclark@home.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
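Added example, not part of Crist's reply or of the FreeBSD rc scripts: a small
sh script that checks for the two symptoms pinned down in the thread, a
misspelled natd knob in /etc/rc.conf and an ipfw ruleset with no divert rule
for natd. /etc/rc.conf is sourced as a shell script, so a name like
natd_enabled is simply set and never read by anything; nothing warns about it.
The rc.conf excerpt and the "ipfw show" output below are constructed from what
was posted in the thread, and the list of recognised natd_* knobs
(natd_enable, natd_interface, natd_flags, as documented in rc.conf(5)) is an
assumption of the check, not something the thread states.

```shell
#!/bin/sh
# Added example (not from the thread): flag a misspelled natd_* knob in an
# rc.conf and the absence of a divert rule in "ipfw show" output.

# Constructed rc.conf excerpt reproducing the typo discussed in the thread.
SAMPLE_RC_CONF='gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"
natd_enabled="YES"
natd_interface="rl0"
ifconfig_rl0_alias0="inet 216.218.224.107 netmask 255.255.255.255"'

# Constructed "ipfw show" output as posted in the thread: no divert rule.
SAMPLE_IPFW_SHOW='00100    0      0 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
65000 3281 345053 allow ip from any to any
65535    0      0 deny ip from any to any'

# Assumption: these are the natd knobs the rc scripts read (rc.conf(5));
# any other natd_* name is treated as a typo.
KNOWN_NATD_KNOBS="natd_enable natd_interface natd_flags"

# Print every natd_* variable in the given rc.conf text that is not a known
# knob. Exit status 0 if none were found, 1 otherwise.
find_bad_natd_knobs() {
    rc_text="$1"
    bad=""
    for name in $(printf '%s\n' "$rc_text" | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p'); do
        case "$name" in
            natd_*)
                known=0
                for k in $KNOWN_NATD_KNOBS; do
                    [ "$name" = "$k" ] && known=1
                done
                [ "$known" -eq 0 ] && bad="$bad $name"
                ;;
        esac
    done
    printf '%s' "${bad# }"
    [ -z "$bad" ]
}

# True if the rc.conf text enables natd with the spelling the rc scripts honour.
natd_enabled_in_rc() {
    printf '%s\n' "$1" | grep -q '^natd_enable="YES"'
}

# True if an "ipfw show" (or "ipfw list") ruleset contains a divert rule.
has_divert_rule() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+( +[0-9]+){0,2} +divert '
}

# Stand-alone run against the constructed samples.
if bad=$(find_bad_natd_knobs "$SAMPLE_RC_CONF"); then
    echo "rc.conf: no misspelled natd_* knobs"
else
    echo "rc.conf: unknown natd_* knob(s): $bad (did you mean natd_enable?)"
fi
if natd_enabled_in_rc "$SAMPLE_RC_CONF"; then
    echo "rc.conf: natd_enable=\"YES\" present"
else
    echo "rc.conf: natd_enable=\"YES\" missing, natd will not be started"
fi
if has_divert_rule "$SAMPLE_IPFW_SHOW"; then
    echo "ipfw: divert rule present"
else
    echo "ipfw: no divert rule, nothing is handed to natd"
fi
```

On a live box the same functions can be fed the real files and output, for
example find_bad_natd_knobs "$(cat /etc/rc.conf)" and
has_divert_rule "$(ipfw show)". The check only looks for the specific typo
class from the thread; it does not validate the rest of rc.conf.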