Date:      Sat, 05 Jun 1999 13:34:48 GMT
From:      flec@flec.co.uk (Steven Fletcher)
To:        "Bret A. Ford" <bford@uop.cs.uop.edu>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: NATD difficulties
Message-ID:  <3759263c.45305965@smtp.shellnet.co.uk>
In-Reply-To: <199906050725.AAA00433@uop.cs.uop.edu>
References:  <199906050725.AAA00433@uop.cs.uop.edu>

On Sat, 5 Jun 1999 00:25:22 -0700 (PDT), you wrote:

>00100 divert 8668 ip from any to any via ed0

Try snipping that ed0 for now.

>With that, I get "ping: sendto: Permission denied" when pinging by IP address,
>and messages like "ping: cannot resolve ftp.cdrom.com: Host name lookup failure"

Add the following to your kernel:

IPFIREWALL_DEFAULT_TO_ACCEPT

As your packets are probably just being allowed on rule 65000 but denied on
rule 65535. (Alternatively, run:

sysctl -w net.inet.ip.fw.one_pass=1

To get packets passed only once through the firewall rules.)

Also, just double-check that net.inet.ip.forwarding is 1 as well.

