From: flec@flec.co.uk (Steven Fletcher)
To: "Bret A. Ford"
Cc: freebsd-questions@freebsd.org
Subject: Re: NATD difficulties
Date: Sat, 05 Jun 1999 13:34:48 GMT

On Sat, 5 Jun 1999 00:25:22 -0700 (PDT), you wrote:

>00100 divert 8668 ip from any to any via ed0

Try snipping that ed0 for now.

>With that, I get "ping: sendto: Permission denied" when pinging by IP address,
>and messages like "ping: cannot resolve ftp.cdrom.com: Host name lookup failure"

Add the following to your kernel:

IPFIREWALL_DEFAULT_TO_ACCEPT

As your packets are probably just being allowed on rule 65000 but denied on rule 65535.

(Alternatively, run:

sysctl -w net.inet.ip.fw.one_pass=1

To get packets passed only once through the firewall rules.)

Also, just double-check that net.inet.ip.forwarding is 1 as well.