Date: Sun, 1 Mar 2009 13:17:08 -0500
From: dacoder <dc@dcoder.net>
To: freebsd-questions@freebsd.org
Subject: ipfilter, ipnat, and if driver ath: what's just changed?
Message-ID: <20090301181708.GF7007@mail2.dcoder.net>

updating my system friday from the feb 7 version of 7.1 to the latest broke tcp and udp (but *not* icmp) over ipnat, which had worked forever with my current ipfilter rules and ipnat mapping rules, which are pretty simple. what has changed?

/etc/ipnat.rules:

    map age0 10.0.0.0/24 -> <external ip>/32

@ the top of /etc/ipf.rules:

    pass out quick on age0 proto tcp/udp from any to any keep state keep frags
    pass out quick on age0 proto icmp from any to any keep state keep frags

that used to work. now it doesn't, witness ipmon:

    01/03/2009 13:07:46.274707 age0 @0:28 b 74.125.93.102,80 -> 10.0.0.253,2914 PR tcp len 20 48 -AS IN NAT

what's changed? ipf? ipnat? age? am i using an obsolete & therefore unworkable set of ipfilter rules? icmp still works, btw.

i'd be grateful for any help. thx.

david coder
network engineer emeritus
ntt/verio