From owner-freebsd-questions  Tue Nov 24 09:11:02 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA13544
          for freebsd-questions-outgoing; Tue, 24 Nov 1998 09:11:02 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from spook.navinet.net (spook.navinet.net [206.25.93.69])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA13538
          for <freebsd-questions@FreeBSD.ORG>; Tue, 24 Nov 1998 09:11:00 -0800 (PST)
          (envelope-from forrie@navinet.net)
Received: from forrie (black.navinet.net [206.25.93.86])
	by spook.navinet.net (8.9.1/8.9.1) with SMTP id MAA05155;
	Tue, 24 Nov 1998 12:10:56 -0500 (EST)
Message-Id: <4.1.19981124114820.00abc740@206.25.93.69>
X-Sender: forrie@206.25.93.8
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 
Date: Tue, 24 Nov 1998 11:49:26 -0500
To: Dan Busarow <dan@dpcsys.com>, Paul Dekkers <psd@cgu.nl>
From: Forrest Aldrich <forrie@navinet.net>
Subject: Re: natd: what's wrong?
Cc: FreeBSD Mailinglist <freebsd-questions@FreeBSD.ORG>
In-Reply-To: <Pine.BSF.3.96.981124085032.879A-100000@java.dpcsys.com>
References: <Pine.BSF.3.96.981124095858.6215A-100000@chippie.cgu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

It works, as long as you don't have any firewall rules.  I've tried
everything.   Perhaps there's a bug in the networking code somewhere?

The lack of response here suggests that it's time to fire up Linux/ipfwadm.
At least that worked.



Forrest

At 09:03 AM 11/24/98 -0800, Dan Busarow wrote:
>On Tue, 24 Nov 1998, Paul Dekkers wrote:
>> | Do you have IP forwarding enabled in rc.conf?  What firewall type
>> | do you have in rc.conf?
>> 
>> Yes, however forward_sourceroute=NO, is that wrong?
>
>No, that's what you want.
>
>> I have no firewall in rc.conf
>> I have a default policy to enable all trafic, and in rc.local I have my
>> divert rule...
>
>My reading of the man pages suggests that running a firewall is not
>optional.  You need to run ipfw.  You can set the type to open which
>enforces your enable all policy.
>
>Set firewall_enable to YES and firewall_type to OPEN in rc.conf and
>move the divert rule from rc.local to rc.firewall (as the first line
>of the OPEN section).
>
>Dan
>-- 
> Dan Busarow                                                  949 443 4172
> Dana Point Communications, Inc.                            dan@dpcsys.com
> Dana Point, California  83 09 EF 59 E0 11 89 B4   8D 09 DB FD E1 DD 0C 82
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message