Date: Mon, 04 Apr 2005 15:27:10 +0000
From: Angelin Lalev <lalev@sv-bg.com>
To: Erik Nørgaard <norgaard@locolomo.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfilter problems
Message-ID: <42515CCE.1070505@sv-bg.com>
In-Reply-To: <424F1029.6080600@locolomo.org>
References: <424E8FE9.1090904@sv-bg.com> <424F1029.6080600@locolomo.org>
Thank you very much!

> Well, the short answer is: there is no keep state in the line
>
> pass in quick on rl0 all
>
> the dns reply you get back times out because your default rule is
> block and there is nowhere in the "in" rules for rl1 that allows the
> reply back.

This makes sense... And I probably have made a huge mistake... I thought that these rules are applied two times - once when the packet is about to enter the "routing logic" and once when the packet exits the machine (like ipfw). If that was the case the rule

pass out quick on rl1 all keep state

would do...

> Some recommendations:
>
> 1) I have a bit of difficulty understanding your network setup - why do
> you have two private networks on your external interface? Maybe sketch
> it in a diagram.

rl0 is connected to an internet café with some game servers. It has only one IP address 192.168.0.0/24.

rl1 is connected via ethernet to a wireless bridge. The management address of the wireless bridge (provider's property) is 10.1.6.1. I added alias addr. 10.1.6.2/24 to rl1, so I can ping it to test connectivity.

Recently we have connected some outer clients to the same ethernet network on which the wireless bridge is. They have addresses 192.168.5.0/24 and have our FreeBSD machine as their gateway. They use the squid server on the machine (like the machines on rl0 do) and need access to some game servers.
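An added example, not part of this thread or written by either poster: a minimal ipf.conf fragment that puts the stateless rule quoted above beside a keep state version, so the reply-path problem Erik describes is visible in the rule set itself. The interface names (rl0, rl1) and address ranges (192.168.0.0/24, 192.168.5.0/24) are taken from the mail; the default block policy and the exact rule forms are assumptions about what a minimal stateful configuration for this box would look like, not the actual ruleset being discussed.

```conf
# Added example (assumed ruleset, not the poster's own ipf.conf).
# rl0: cafe side, rl1: ethernet segment towards the wireless bridge.

# Default policy: anything no later rule explicitly passes is dropped.
block in all
block out all

# --- Stateless version (the situation described in the thread) ---
# The client's DNS query matches "pass in quick on rl0 all" and leaves via
# rl1, but the reply comes back IN on rl1, where no rule passes it, so it
# falls through to "block in all" and the resolver times out.
#
# pass in quick on rl0 all
# pass out quick on rl1 all

# --- Stateful version ---
# "keep state" makes ipfilter record the flow in its state table; the
# reply is then matched against that table instead of the rule list, so
# no explicit "in" rule on rl1 is needed for return traffic.
pass in quick on rl0 from 192.168.0.0/24 to any keep state
pass in quick on rl1 from 192.168.5.0/24 to any keep state

# Traffic the firewall originates itself (for example squid fetching
# pages on behalf of the clients) starts life on the "out" side of rl1,
# so it needs its own stateful rule for its replies to get back in.
pass out quick on rl1 from any to any keep state
```

Load it with `ipf -Fa -f /etc/ipf.rules` and confirm the resolver works again; `ipfstat -s` shows the state table entries being created for each query. Because state is created on the LAN-facing "in" rules, the replies are admitted on rl1 without any broad "pass in" rule on the external side, which keeps the default block in force for unsolicited inbound traffic.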