Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 3 Sep 2015 11:46:14 -0300
From:      Mario Lobo <lobo@bsd.com.br>
To:        Sergey Grigorian <grigorian@theconcept.ru>
Cc:        Mike Tancsa <mike@sentex.net>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: 10.2-RELEASE not forwarding packets/NATing with pf
Message-ID:  <20150903114614.17c98a13@Papi>
In-Reply-To: <5C137CAA56211A448C4F58E75EFB6266C285E5CC@EXCHANGE.lan.theconcept.ru>
References:  <5C137CAA56211A448C4F58E75EFB6266C285B582@EXCHANGE.lan.theconcept.ru> <55E84B51.7070103@sentex.net> <5C137CAA56211A448C4F58E75EFB6266C285E5CC@EXCHANGE.lan.theconcept.ru>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 3 Sep 2015 14:04:54 +0000
Sergey Grigorian <grigorian@theconcept.ru> wrote:

> > On 9/3/2015 7:49 AM, Sergey Grigorian wrote:
> > >
> > > And here's /etc/sysctl.conf:
> > >
> > > net.inet.ip.forwarding=1
> > >
> 
> > Hi,
> >         This does not work the way it might have in the past. Make
> > sure you set gateway_enable="YES"
> > in /etc/rc.conf
> > otherwise, devd and /etc/rc.d/routing will reset
> > net.inet.ip.forwarding to 0 on certain network events.
> > 
> >         ---Mike
> 
> Mike,
> thanks for your suggestion.
> I have gateway_enable="YES" set in /etc/rc.conf
> Is there anything else I miss?
> 
> Here's the /etc/rc.conf itself:
> defaultrouter=172.16.0.1
> ifconfig_hn0="inet 172.16.0.3 netmask 255.255.255.0"
> ifconfig_hn0_alias0="inet 172.16.0.4 netmask 255.255.255.255" 
> ifconfig_hn1="inet 172.16.1.1 netmask 255.255.255.0"
> ifconfig_hn1_alias0="inet 172.16.1.7 netmask 255.255.255.255" 
> gateway_enable="YES"
> pf_enable="YES"
> pflog_enable="YES"
> sshd_enable="YES"
> ntpd_enable="YES"
> ntpd_sync_on_start="YES"
> cron_enable="YES"
> cron_flags="-j 60 -J 60"
> syslogd_flags="-ss"
> sendmail_enable="NO"
> sendmail_submit_enable="NO"
> sendmail_outbound_enable="NO"
> sendmail_msp_queue_enable="NO"
> accounting_enable="YES"
> tcp_drop_synfin="YES"
> icmp_drop_redirect="YES"
> clear_tmp_enable="YES"
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"

I know this sounds obvious but do you have

device		pf
device		pflog

in your kernel? or pf.ko loaded ?

-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio.... YET!!]
 
"UNIX was not designed to stop you from doing stupid things, 
because that would also stop you from doing clever things."



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150903114614.17c98a13>