From owner-freebsd-hackers Thu Dec 14 23:39:18 2000
From owner-freebsd-hackers@FreeBSD.ORG Thu Dec 14 23:39:16 2000
Return-Path:
Delivered-To: freebsd-hackers@freebsd.org
Received: from jason.argos.org (a13b063.neo.rr.com [204.210.197.63])
    by hub.freebsd.org (Postfix) with ESMTP id EAAAA37B400
    for ; Thu, 14 Dec 2000 23:39:15 -0800 (PST)
Received: from localhost (mike@localhost)
    by jason.argos.org (8.10.1/8.10.1) with ESMTP id eBF7XKp08342;
    Fri, 15 Dec 2000 02:33:20 -0500
Date: Fri, 15 Dec 2000 02:33:20 -0500 (EST)
From: Mike Nowlin
To: Lists Account
Cc: hackers@FreeBSD.ORG
Subject: Re: NOS-TUN / Natd
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Just a quick question out of interests sake, I was setting up nos-tunnels
> yesterday, and I had the tunnel functioning 100% perfectly, however I
> could not get it to NAT the remote side of the tunnel, until I put an ipfw
> divert 8668 ip from any to any via any statement in my firewall config.
> ipfw add 1 divert 8668 ip from any to any in recv tun0

My first thought is to do something like:

ipfw add 1 allow ip from any to any in via tun0
ipfw add 2 divert 8668 ip from 1.2.3.4 to any

...where 1.2.3.4 is an IP on the remote end of the tunnel - send a few
packets from 1.2.3.4, then do an "ipfw s" to see if they're hitting that
rule. That should help figure out if it's a problem with the tunnel code,
or a problem with your ipfw rules. (ipfw can bring up some interesting
situations, especially with NAT.)

mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
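
The counter check suggested in the message above, as an added example that is not part of the original post: it compares two "ipfw show" snapshots taken before and after sending the test packets and reports whether the divert rule was reached. The snapshot contents, the function names and the verdict strings are constructed for illustration; it assumes a test tunnel quiet enough that rule 1's counter reflects only the test traffic.

```shell
#!/bin/sh
# Constructed "ipfw show" snapshots (rule number, packets, bytes, rule body),
# standing in for output captured before and after sending test packets
# from 1.2.3.4. The counters are sample values, not real measurements.
BEFORE='00001  120  9840 allow ip from any to any in via tun0
00002    0     0 divert 8668 ip from 1.2.3.4 to any
65535  310 25110 allow ip from any to any'
AFTER='00001  125 10260 allow ip from any to any in via tun0
00002    5   420 divert 8668 ip from 1.2.3.4 to any
65535  318 25790 allow ip from any to any'

# pkt_count SNAPSHOT RULENUM -> packet counter of that rule (empty if absent).
# Numeric comparison so that "00001" matches rule 1.
pkt_count() {
    printf '%s\n' "$1" | awk -v r="$2" '$1 + 0 == r + 0 { print $2; exit }'
}

# rule_delta BEFORE AFTER RULENUM -> packets that hit the rule in between.
rule_delta() {
    b=$(pkt_count "$1" "$3"); a=$(pkt_count "$2" "$3")
    [ -n "$b" ] && [ -n "$a" ] || { echo "missing"; return 1; }
    echo $((a - b))
}

# diagnose BEFORE AFTER ALLOW_RULE DIVERT_RULE -> one-word verdict.
diagnose() {
    tun=$(rule_delta "$1" "$2" "$3") || { echo "rule-missing"; return 0; }
    nat=$(rule_delta "$1" "$2" "$4") || { echo "rule-missing"; return 0; }
    if [ "$tun" -eq 0 ]; then
        echo "no-tunnel-traffic"     # nothing came in via tun0: look at the tunnel
    elif [ "$nat" -eq 0 ]; then
        echo "divert-not-reached"    # traffic arrived but never hit the divert rule
    else
        echo "divert-hit"            # packets are being handed to port 8668
    fi
}

diagnose "$BEFORE" "$AFTER" 1 2
```

On a live system the two snapshots would come from running "ipfw show" before and after the test packets are sent.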