Date: Tue, 20 Jul 2010 14:10:44 -0400 From: alexus <alexus@gmail.com> To: Erik Norgaard <norgaard@locolomo.org> Cc: freebsd-questions@freebsd.org Subject: Re: ipnat.conf - map and rdr won't work! Message-ID: <AANLkTinWeyI8TqdvMrxq-aHlHTYrn4at9fPtJ0sLddfq@mail.gmail.com> In-Reply-To: <4C45D6FC.5010601@locolomo.org> References: <AANLkTilVTo36Fzdh2DKAQhRjyDj8MNUuV9dhwvQ7Gf-V@mail.gmail.com> <AANLkTinh0CykJ1Av3f2THPDFOLS0YtYLDvRMHXm_wD3w@mail.gmail.com> <4C3F91CF.5090206@locolomo.org> <AANLkTin6hYyHiG8taifkNHPBtKI0rKOkAaGRYodV1LLC@mail.gmail.com> <4C419944.8030702@locolomo.org> <AANLkTin8H47Z7suztGnWpa8fm-XIagQ6vzlxP85OIT-B@mail.gmail.com> <4C447F7F.6020308@locolomo.org> <AANLkTinM1E2Obrs8VqSsm3S_jcXqbw_Q1YLkc51tgJsS@mail.gmail.com> <4C45CBA3.9020800@comclark.com> <AANLkTileySmaFe4WCud1_MFWXnlHsnNF6DEQUgsmSHE1@mail.gmail.com> <4C45D6FC.5010601@locolomo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jul 20, 2010 at 1:03 PM, Erik Norgaard <norgaard@locolomo.org> wrote: > On 20/07/10 18.37, alexus wrote: > >>> You are running 2 different firewalls at the same time. >>> comment out >>> firewall_enable="YES" >>> firewall_type="open" >>> >>> and reboot your system. >> >> do you know that for a fact or you just guessing?? >> >> because first of all it worked before just fine with 2 firewalls >> second i disabled firewall, so firewall is no longer an issue >> third i have another system just like that that runs 2 firewall and >> everything working just fine! >> >> if you dont know the answer there is no need to throw just any answer >> as its pretty clear that this isn't the right answer > > Regardless of your previous experience, it is a bad idea to have two > different firewalls configured and enabled at the same time. It provides no > additional security and makes debugging a mess. that's why i disabled ipfw for now, as it's only used for traffic shapping and ipfilter used for filtering and it's part of ipnat. > Have you considered the possibility of both ipfw and ipfilter doing both > filtering and nat? not according to ipfw show, it's as open as it gets. su-3.2# ipfw show 00100 2894 283660 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 65000 56006 24726087 allow ip from any to any 65535 0 0 deny ip from any to any su-3.2# > Another thing, I think I've mentioned before, you may have to reload > firewall/nat rules after the jail starts. i tried that but that didn't really solve anything > BR, Erik > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > -- http://alexus.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTinWeyI8TqdvMrxq-aHlHTYrn4at9fPtJ0sLddfq>