From owner-freebsd-net@FreeBSD.ORG  Fri Sep 23 13:59:20 2005
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D57A716A41F
	for <freebsd-net@freebsd.org>; Fri, 23 Sep 2005 13:59:20 +0000 (GMT)
	(envelope-from lourik@wtec.co.za)
Received: from meerkat.wtec.co.za (meerkat.wtec.co.za [69.67.33.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7959143D4C
	for <freebsd-net@freebsd.org>; Fri, 23 Sep 2005 13:59:14 +0000 (GMT)
	(envelope-from lourik@wtec.co.za)
Received: from lourik.wtec.co.za ([192.168.2.200])
	(AUTH: PLAIN lourik@wtec.co.za)
	by meerkat.wtec.co.za with esmtp; Fri, 23 Sep 2005 16:02:30 +0200
From: Lourik Malan <lourik@wtec.co.za>
Organization: Woodlands Technologies Pty(LTD)
To: freebsd-net@freebsd.org
Date: Fri, 23 Sep 2005 13:59:00 +0000
User-Agent: KMail/1.8
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200509231359.01354.lourik@wtec.co.za>
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Fwd: ipnat
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: lourik@wtec.co.za
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2005 13:59:21 -0000


Hi There

I need some help. I've always used Freebsd 4.x as my main firewall, now i've
upgrade to 5.4 with the same config files. I can ping the net from the
BSD-server, but not from the lan. All my config files is below

I get the following when from a firewall that i'm pinging

meerkat /kernel: ipfw: 2 Accept ICMP:8.0 172.20.154.77 69.67.33.50 in via rl1
meerkat /kernel: ipfw: 2 Accept ICMP:0.0 69.67.33.50 172.20.154.77 out via rl1


Please help.



Thanks

# This is my config rc.conf
ifconfig_xl1_alias0="       inet 196.23.176.188  netmask 255.255.255.255"
ifconfig_xl1_alias1="       inet 196.23.176.189  netmask 255.255.255.255"
ifconfig_xl1_alias2="       inet 196.23.176.190  netmask 255.255.255.255"
ifconfig_xl1_alias3="       inet 196.23.176.186  netmask 255.255.255.255"
ifconfig_xl1_alias4="       inet 196.23.176.185  netmask 255.255.255.255"
ifconfig_xl1_alias5="       inet 196.23.176.184  netmask 255.255.255.255"
ifconfig_xl1_alias6="       inet 196.23.176.183  netmask 255.255.255.255"
ifconfig_xl1="                 inet 196.23.176.187  netmask 255.255.255.240"

ifconfig_xl0="                 inet 172.20.154.2      netmask 255.255.255.0"

# This is my ipnat.rules
bimap xl1 172.20.154.199/32     ->      196.23.176.188/32
bimap xl1 172.20.154.198/32     ->      196.23.176.189/32
bimap xl1 172.20.154.197/32     ->      196.23.176.190/32
bimap xl1 172.20.154.3/32       ->      196.23.176.186/32

map xl1 172.20.154.0/24   -> 196.23.176.187/32

RC.conf
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
firewall_quiet="NO"
firewall_logging="YES"
firewall_flags=""

ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""

ipnat_enable="YES"
ipnat_program="/sbin/ipnat"
ipnat_rules="/etc/ipnat.rules"
ipnat_flags=""

ipmon_enable="YES"
ipmon_program="/sbin/ipmon"
ipmon_flags="-Ds"

In my kernel

options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT
options         DUMMYNET
options         HZ=1000

ipf.rules
pass in all
pass out all

-------------------------------------------------------

-- 



Lourik Malan
Woodlands Technologies Pty(LTD)
082 570 3191