Date: Thu, 17 Sep 2009 19:45:01 +0200 From: Ruben de Groot <mail25@bzerk.org> To: Robert Huff <roberthuff@rcn.com> Cc: questions@freebsd.org Subject: Re: ipfw + NAT doesn't work Message-ID: <20090917174501.GA34712@ei.bzerk.org> In-Reply-To: <19122.17463.670129.782291@jerusalem.litteratus.org> References: <19122.17463.670129.782291@jerusalem.litteratus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 17, 2009 at 10:14:15AM -0400, Robert Huff typed: > > I have a machine running > > FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58 EDT 2009 amd64 > > It has this in the config file for the running kernel: > > options IPFIREWALL #firewall > options IPFIREWALL_VERBOSE #enable logging to syslogd(8) > options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity > options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default > options IPFIREWALL_NAT #ipfw kernel nat support > options LIBALIAS > > It (10.0.0.1) connects correctly to another machine (10.0.0.3); > I know because .3 mounts one of .1's disks using Samba. > With the ipfw rules appended below, I can't NAT, nor should I > be able to. ("em0" faces the Internet; "em1" faces the other > machine.) > However: using these I still can't get through Through to what? You seem to be able to connect on a local subnet, but not to the internet through NAT, which you say is ok, because you shouldn't ? Please explain exactly what you want to do. > Have I forgotten something? Or misunderstood something? > If not ... how do I figure out what's wrong? /var/log/security is a good place to start, as your config seems to log allmost all denies. BTW, CURRENT is a development branch. Fine if you want to run it, but you should do some basic debugging yourself before posting problems with it. And then the -questions list is probably not the best place to find answers. regards, Ruben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090917174501.GA34712>