Date: Thu, 31 Jul 2003 12:21:44 -0700
From: Sean Hafeez <sahafeez@edgefocus.com>
To: Ean Kingston <eankingston@rogers.com>, freebsd-ipfw@freebsd.org
Subject: Re: radius and natd
Message-ID: <3F296C48.9020309@edgefocus.com>
In-Reply-To: <1059617795.12631.22.camel@prosporo.hedron.org>
References: <3F26CF32.2060307@edgefocus.com> <1059617795.12631.22.camel@prosporo.hedron.org>

thanks, fixed it. the box was set up as default open in the kernel so i do not
need the last default allow. turns out my upstream had filters on radius.

Ean Kingston wrote:

> On Tue, 2003-07-29 at 15:46, Sean Hafeez wrote:
>
>>i have a network (10.0.0.x) that is nat'd to the external interface of
>>the firewall. everything works great. the kernel was compiled with the
>>leave everything open option. the only rules are:
>>
>>/sbin/natd -interface rl0
>>ipfw add divert natd all from any to any via rl0
>>ipfw add pipe 1 ip from any to any in recv rl1
>>ipfw add pipe 2 ip from any to any out xmit rl1
>>ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
>>ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s
>
> Do you not need:
> ipfw add allow all from any to any
> at the very end of that?
>
>>rl0 is the external. rl1 is the internal 10.0.0.x network.
>>
>>i have a device on the internal network 10.0.0.4 that needs to query a
>>radius server on the internet. i can see the request come in from the
>>device on rl1 (tcpdump -i rl1) but i see nothing leave and never see the
>>packet hit the server. is nat the problem? is there a way around this?
>>
>>i googled but did not find anything that worked. remember this is a wide
>>open box that is just being used for nat and shaping with no rules.
>>
>>
>>thanks!
>>
>>_______________________________________________
>>freebsd-ipfw@freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>>To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"