From: alexus
To: Erik Norgaard
Cc: freebsd-questions@freebsd.org
Date: Tue, 20 Jul 2010 14:10:44 -0400
Subject: Re: ipnat.conf - map and rdr won't work!

On Tue, Jul 20, 2010 at 1:03 PM, Erik Norgaard wrote:
> On 20/07/10 18.37, alexus wrote:
>
>>> You are running 2 different firewalls at the same time.
>>> comment out
>>> firewall_enable="YES"
>>> firewall_type="open"
>>>
>>> and reboot your system.
>>
>> do you know that for a fact or are you just guessing??
>>
>> because first of all it worked before just fine with 2 firewalls
>> second i disabled firewall, so firewall is no longer an issue
>> third i have another system just like that that runs 2 firewalls and
>> everything working just fine!
>>
>> if you don't know the answer there is no need to throw just any answer
>> as it's pretty clear that this isn't the right answer
>
> Regardless of your previous experience, it is a bad idea to have two
> different firewalls configured and enabled at the same time. It provides no
> additional security and makes debugging a mess.

that's why i disabled ipfw for now, as it's only used for traffic
shaping and ipfilter used for filtering and it's part of ipnat.

> Have you considered the possibility of both ipfw and ipfilter doing both
> filtering and nat?

not according to ipfw show, it's as open as it gets.

su-3.2# ipfw show
00100 2894 283660 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 56006 24726087 allow ip from any to any
65535 0 0 deny ip from any to any
su-3.2#

> Another thing, I think I've mentioned before, you may have to reload
> firewall/nat rules after the jail starts.

i tried that but that didn't really solve anything

> BR, Erik

--
http://alexus.org/
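One way to check the "as open as it gets" reading of the `ipfw show` listing from its packet counters, as an added example that is not part of the original message. The function names are hypothetical, the sample is the listing quoted in the message, and rules carrying options such as `log` after the action are not handled.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# `ipfw show` columns: rule number, packets, bytes, action, rule body.

# Sample input: the listing quoted in the message above.
sample_ipfw_show() {
    cat <<'EOF'
00100 2894 283660 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 56006 24726087 allow ip from any to any
65535 0 0 deny ip from any to any
EOF
}

# Print every dropping rule whose packet counter is non-zero, i.e. rules
# that have actually discarded traffic since the counters were last reset.
ipfw_drop_hits() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ &&
         ($4 == "deny" || $4 == "drop" || $4 == "reject" ||
          $4 == "reset" || $4 == "unreach") && $2 > 0'
}

# Print the number of the first rule that accepts all IP traffic with no
# interface or address restriction ("allow ip from any to any" exactly).
ipfw_first_allow_all() {
    awk '($4 == "allow" || $4 == "accept" || $4 == "pass" || $4 == "permit") &&
         $5 == "ip" && $6 == "from" && $7 == "any" &&
         $8 == "to" && $9 == "any" && NF == 9 { print $1; exit }'
}

# Demo on the sample; on a live host pipe `ipfw show` into the functions.
hits=$(sample_ipfw_show | ipfw_drop_hits)
echo "drop rules with hits: ${hits:-none}"
echo "first allow-all rule: $(sample_ipfw_show | ipfw_first_allow_all)"
```

An empty result from `ipfw_drop_hits` only shows that ipfw has not dropped packets; it says nothing about what ipfilter or ipnat did with the same traffic.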