Date: Sun, 1 Mar 2009 14:24:07 -0500
From: dacoder <dc@dcoder.net>
To: freebsd-questions@freebsd.org
Subject: Re: ipfilter, ipnat, and if driver ath [should have been age]: what's just changed?
Message-ID: <20090301192407.GG7007@mail2.dcoder.net>
In-Reply-To: <20090301181708.GF7007@mail2.dcoder.net>
References: <20090301181708.GF7007@mail2.dcoder.net>

+++ dacoder [01/03/09 13:17 -0500]:
>updating my system friday from the feb 7 version of 7.1 to the latest broke
>tcp and udp (but *not* icmp) over ipnat, which had worked forever with my
>current ipfilter rules and ipnat mapping rules, which are pretty simple.
>what has changed?
>
>/etc/ipnat.rules:
>
>    map age0 10.0.0.0/24 -> <external ip>/32
>
>@ the top of /etc/ipf.rules:
>
>    pass out quick on age0 proto tcp/udp from any to any keep state keep frags
>    pass out quick on age0 proto icmp from any to any keep state keep frags
>
>that used to work. now it doesn't, witness ipmon:
>
>01/03/2009 13:07:46.274707 age0 @0:28 b 74.125.93.102,80 -> 10.0.0.253,2914 PR tcp len 20 48 -AS IN NAT
>
>what's changed? ipf? ipnat? age? am i using an obsolete & therefore
>unworkable set of ipfilter rules? icmp still works, btw.
>
>i'd be grateful for any help.
>
>thx.
>
>david coder
>network engineer emeritus
>ntt/verio
>
>_______________________________________________
>freebsd-questions@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

i meant, of course, age, not ath in my subject line. sorry for the confusion.