Date: Thu, 17 Sep 2009 19:45:01 +0200 From: Ruben de Groot <mail25@bzerk.org> To: Robert Huff <roberthuff@rcn.com> Cc: questions@freebsd.org Subject: Re: ipfw + NAT doesn't work Message-ID: <20090917174501.GA34712@ei.bzerk.org> In-Reply-To: <19122.17463.670129.782291@jerusalem.litteratus.org> References: <19122.17463.670129.782291@jerusalem.litteratus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 17, 2009 at 10:14:15AM -0400, Robert Huff typed:
>
> I have a machine running
>
> FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58 EDT 2009 amd64
>
> It has this in the config file for the running kernel:
>
> options IPFIREWALL #firewall
> options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
> options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
> options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
> options IPFIREWALL_NAT #ipfw kernel nat support
> options LIBALIAS
>
> It (10.0.0.1) connects correctly to another machine (10.0.0.3);
> I know because .3 mounts one of .1's disks using Samba.
> With the ipfw rules appended below, I can't NAT, nor should I
> be able to. ("em0" faces the Internet; "em1" faces the other
> machine.)
> However: using these I still can't get through
Through to what? You seem to be able to connect on a local subnet, but
not to the internet through NAT, which you say is ok, because you shouldn't ?
Please explain exactly what you want to do.
> Have I forgotten something? Or misunderstood something?
> If not ... how do I figure out what's wrong?
/var/log/security is a good place to start, as your config seems to log allmost
all denies.
BTW, CURRENT is a development branch. Fine if you want to run it, but you
should do some basic debugging yourself before posting problems with it. And
then the -questions list is probably not the best place to find answers.
regards,
Ruben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090917174501.GA34712>