Date: Sun, 1 Mar 2009 14:24:07 -0500
From: dacoder
To: freebsd-questions@freebsd.org
Subject: Re: ipfilter, ipnat, and if driver ath [should have been age]: what's just changed?

+++ dacoder [01/03/09 13:17 -0500]:
>updating my system friday from the feb 7 version of 7.1 to the latest broke
>tcp and udp (but *not* icmp) over ipnat, which had worked forever with my
>current ipfilter rules and ipnat mapping rules, which are pretty simple.
>what has changed?
>
>/etc/ipnat.rules:
>
>	map age0 10.0.0.0/24 -> /32
>
>@ the top of /etc/ipf.rules:
>
>	pass out quick on age0 proto tcp/udp from any to any keep state keep frags
>	pass out quick on age0 proto icmp from any to any keep state keep frags
>
>that used to work. now it doesn't, witness ipmon:
>
>01/03/2009 13:07:46.274707 age0 @0:28 b 74.125.93.102,80 -> 10.0.0.253,2914 PR tcp len 20 48 -AS IN NAT
>
>what's changed? ipf? ipnat? age? am i using an obsolete & therefore
>unworkable set of ipfilter rules? icmp still works, btw.
>
>i'd be grateful for any help.
>
>thx.
>
>david coder
>network engineer emeritus
>ntt/verio

i meant, of course, age, not ath in my subject line. sorry for the confusion.