From: alexus
To: Aiza
Cc: freebsd-questions@freebsd.org
Reply-To: google@alexus.org
Date: Tue, 20 Jul 2010 14:43:18 -0400
In-Reply-To: <4C45E7EA.7090403@comclark.com>
Subject: Re: ipnat.conf - map and rdr won't work!

On Tue, Jul 20, 2010 at 2:16 PM, Aiza wrote:
> alexus wrote:
>>>
>>>  su-3.2# grep ^firewall /etc/rc.conf
>>>  firewall_enable="YES"
>>>  firewall_type="open"
>>>
>>>  su-3.2# grep ^ip /etc/rc.conf
>>>  ipfilter_enable="YES"
>>>  ipmon_enable="YES"
>>>  ipnat_enable="YES"
>>>  ipnat_flags="-d"
>>>
>>> This is not good.
>>> You are running 2 different firewalls at the same time.
>>> comment out
>>> firewall_enable="YES"
>>> firewall_type="open"
>>>
>>> and reboot your system.
>>>
>>>
>>
>> do you know that for a fact or you just guessing??
>>
>> because first of all it worked before just fine with 2 firewalls
>> second i disabled firewall, so firewall is no longer an issue
>> third i have another system just like that that runs 2 firewall and
>> everything working just fine!
>>
>> if you don't know the answer there is no need to throw just any answer
>> as it's pretty clear that this isn't the right answer
>>
> Just because 2 firewalls at same time didn't blow up in your face before,
> sure don't mean they are working correctly. That's one bad assumption to base
> debugging on.

i never had any problem doing so, not that i'm saying it's a smart thing to do
i'm well aware of that, and as i mention before both firewall doing
different purposes it's not like i'm filtering packets with both
firewalls at the same time.

> Jumping in my face, questioning the free advice given, sure makes you look
> foolish. You should read the handbook firewall section before opening your
> mouth and sticking your foot into it.

i wasn't jumping in your face, i just outline some of the facts.
i'm asking help here, there is no point for me to jump anyone.

> People on this list will stop helping if you turn on them and bite the hand
> that feeds you.
>
> And another thing. Network access for a jail is not controlled by the host's
> firewall. You need to look elsewhere for your jail network access solution.

my jail has a private IP address, so in order to get to my jail you
need to go through public IP and that being hosted within host
environment
jail itself seem like it's functional fine as i can ssh into jail from
host environment
so my guess i gotta look somewhere inside of ipnat, since ipnat is
responsible for routing packets from/to jail

> If your attitude was not so XXXXXXX, I could have told you the solution, but
> now go learn it the hard way.

i'm sorry you feel that way, surely didn't mean anything bad by outlining facts.

--
http://alexus.org/
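
The rc.conf excerpt quoted in this thread enables both ipfw (firewall_enable) and IPFilter (ipfilter_enable) at boot. The shell sketch below is an added example, not part of the original message: it reports which packet-filter frameworks an rc.conf enables and flags more than one. The function names and the sample file are constructed for illustration, and pf_enable is included as an assumption beyond what the thread shows.

```shell
#!/bin/sh
# Added example: audit an rc.conf for concurrently enabled packet filters.
# Knob mapping: firewall_enable -> ipfw, ipfilter_enable -> ipfilter,
# pf_enable -> pf (pf is not mentioned in the thread; included as an assumption).

# enabled_filters FILE: print enabled frameworks, space-separated, in the
# order ipfw ipfilter pf. The last assignment of a knob wins.
enabled_filters() {
    awk -F= -v q="'" '
        /^[ \t]*#/ { next }                      # skip commented-out knobs
        {
            key = $1; gsub(/[ \t]/, "", key)
            val = $2; sub(/#.*/, "", val)        # drop trailing comments
            gsub("[\"" q " \t]", "", val)        # drop quotes and blanks
            val = tolower(val)
            # rc.subr treats YES, TRUE, ON and 1 (any case) as enabled
            on = (val == "yes" || val == "true" || val == "on" || val == "1")
            if (key == "firewall_enable") f["ipfw"] = on
            if (key == "ipfilter_enable") f["ipfilter"] = on
            if (key == "pf_enable")       f["pf"] = on
        }
        END {
            out = ""
            n = split("ipfw ipfilter pf", order, " ")
            for (i = 1; i <= n; i++)
                if (f[order[i]])
                    out = (out == "" ? order[i] : out " " order[i])
            print out
        }' "$1"
}

# audit_rc_conf FILE: return 0 when at most one framework is enabled.
audit_rc_conf() {
    filters=$(enabled_filters "$1")
    set -- $filters
    if [ "$#" -gt 1 ]; then
        echo "WARNING: $# packet filters enabled at boot: $filters"
        return 1
    fi
    echo "OK: enabled packet filters: ${filters:-none}"
}

# Constructed sample mirroring the rc.conf lines quoted in the thread.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' 'firewall_enable="YES"' 'firewall_type="open"' \
    'ipfilter_enable="YES"' 'ipmon_enable="YES"' \
    'ipnat_enable="YES"' 'ipnat_flags="-d"' > "$sample"
audit_rc_conf "$sample" || true
```

On a live host, point `audit_rc_conf` at `/etc/rc.conf`; settings in `/etc/rc.conf.local` or `/etc/defaults/rc.conf` are not merged by this sketch.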