Date: Sat, 14 Jan 2006 18:01:14 +0200 From: Alexander <shulik_freebsd@matrixhome.net> To: Brian Candler <B.Candler@pobox.com> Cc: freebsd-isp@freebsd.org Subject: Re: FreeBSD as Server Message-ID: <43C9204A.1020401@matrixhome.net> In-Reply-To: <20060114131427.GA5349@uk.tiscali.com> References: <375DD163B075E34EA3C10A6286E34A54C1D4B5@exhsto1.se.dataphone.com> <43C7A18D.8060904@centtech.com> <43C7B008.8060404@matrixhome.net> <20060114131427.GA5349@uk.tiscali.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I think, that ipfw is native for FreeBSD - it works better than other packet filters. Am I right? With ng_nat first trouble was in parameter of mpd - there is set bundle enable compression. Second trouble is next: in example I got next strings: ipfw add 300 netgraph.... any to any.... ipfw add 400 netgraph.... any to any..... In hook netgraph "out" I send only traffic from clients (in example was all traffic). In hook "in" I send all traffic from external interface. But I took a problem with network on server. ping works fine mtr doesn't work telnet <any host> <any port> don't work. But why? When traffic that not be NATed in ng_nat was sent in hook "in" - it must simply out from it? Or no? Where is trouble? Brian Candler пишет: >On Fri, Jan 13, 2006 at 03:50:00PM +0200, Alexander wrote: > > >>Now I try to configure ng_nat. I use example from man ng_nat. Clients >>machine can ping inet hosts, but nothing loaded by http or ftp or other >>tcp protocol. On server packet NATed by not real ip. On other server >>under Linux this packet again NATed by real ip. What can I do with this? >> >> > >Probably easier to use one of the other firewalling techniques to do NAT >rather than manually configure ng_nat. > >Your other options are: >- ipfw + natd (old and venerable) >- ipf >- pf > >My personal favourite is pf (which came from OpenBSD). Configuring NAT is >just one line in /etc/pf.conf. > >Regards, > >Brian. >_______________________________________________ >freebsd-isp@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-isp >To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43C9204A.1020401>