From owner-freebsd-hackers Mon Jan 13 13:43:43 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id NAA07906 for hackers-outgoing; Mon, 13 Jan 1997 13:43:43 -0800 (PST) Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id NAA07881 for ; Mon, 13 Jan 1997 13:43:36 -0800 (PST) Message-Id: <199701132143.NAA07881@freefall.freebsd.org> Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA062301735; Tue, 14 Jan 1997 08:42:15 +1100 From: Darren Reed Subject: Re: IPFILTER To: tinguely@plains.nodak.edu (Mark Tinguely) Date: Tue, 14 Jan 1997 08:42:15 +1100 (EDT) Cc: chris@mail.bb.cc.wa.us, brian@awfulhak.demon.co.uk, hackers@FreeBSD.org In-Reply-To: <199701131951.NAA22684@plains.nodak.edu> from "Mark Tinguely" at Jan 13, 97 01:51:27 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-hackers@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk In some mail from Mark Tinguely, sie said: > > > in the FBSD box i have two network cards. > > fxp0 inet 208.8.136.10 > > fxp1 inet 10.16.14.1 > > > > > when i ping 10.16.14.1 i get nothing. > > ping (and traceroute) uses ICMP not IP. ICMP is not rewritten in NAT rules. > get the Stevens book to see an example of UDP ping if you wish to use ping. ICMP is now (but it doesn't rewrite the headers in error packets). > Also, to get a successful remapping for IP application, be sure that you > turned on the IP forwarding on the NAT host (ie: > > sysctl -w net.inet.ip.forwarding=1 > > ). even better, for things like ftp which have address data in the TCP stream, use a proxy. Darren