Date: Fri, 4 Sep 2015 12:49:43 +0000
From: Sergey Grigorian <grigorian@theconcept.ru>
To: Mario Lobo <lobo@bsd.com.br>
Cc: Mike Tancsa <mike@sentex.net>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: RE: 10.2-RELEASE not forwarding packets/NATing with pf
Message-ID: <5C137CAA56211A448C4F58E75EFB6266C285E65E@EXCHANGE.lan.theconcept.ru>
In-Reply-To: <20150903114614.17c98a13@Papi>
References: <5C137CAA56211A448C4F58E75EFB6266C285B582@EXCHANGE.lan.theconcept.ru> <55E84B51.7070103@sentex.net> <5C137CAA56211A448C4F58E75EFB6266C285E5CC@EXCHANGE.lan.theconcept.ru>, <20150903114614.17c98a13@Papi>

> > > > And here's /etc/sysctl.conf:
> > > >
> > > > net.inet.ip.forwarding=1
> > > >
> > >
> > > Hi,
> > > This does not work the way it might have in the past. Make
> > > sure you set gateway_enable="YES"
> > > in /etc/rc.conf
> > > otherwise, devd and /etc/rc.d/routing will reset
> > > net.inet.ip.forwarding to 0 on certain network events.
> > >
> > > ---Mike
> >
> > Mike,
> > thanks for your suggestion.
> > I have gateway_enable="YES" set in /etc/rc.conf
> > Is there anything else I miss?
> >
> > Here's the /etc/rc.conf itself:
> > defaultrouter=172.16.0.1
> > ifconfig_hn0="inet 172.16.0.3 netmask 255.255.255.0"
> > ifconfig_hn0_alias0="inet 172.16.0.4 netmask 255.255.255.255"
> > ifconfig_hn1="inet 172.16.1.1 netmask 255.255.255.0"
> > ifconfig_hn1_alias0="inet 172.16.1.7 netmask 255.255.255.255"
> > gateway_enable="YES"
> > pf_enable="YES"
> > pflog_enable="YES"
> > sshd_enable="YES"
> > ntpd_enable="YES"
> > ntpd_sync_on_start="YES"
> > cron_enable="YES"
> > cron_flags="-j 60 -J 60"
> > syslogd_flags="-ss"
> > sendmail_enable="NO"
> > sendmail_submit_enable="NO"
> > sendmail_outbound_enable="NO"
> > sendmail_msp_queue_enable="NO"
> > accounting_enable="YES"
> > tcp_drop_synfin="YES"
> > icmp_drop_redirect="YES"
> > clear_tmp_enable="YES"
>
> I know this sounds obvious but do you have
>
> device pf
> device pflog
>
> in your kernel? or pf.ko loaded ?

Mario,
I load pf as a module, so pf.ko is loaded. This box runs a stock RELEASE kernel.
What confuses me is that this setup works perfectly on 10.1, but stops working the second I boot into the 10.2-RELEASE-p2 kernel.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5C137CAA56211A448C4F58E75EFB6266C285E65E>
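
An added example, not part of the thread or of FreeBSD itself: a static check for the condition quoted above, where net.inet.ip.forwarding=1 is set in sysctl.conf but gateway_enable is missing from rc.conf, so /etc/rc.d/routing can reset forwarding to 0. The function names and return codes are hypothetical, and it assumes only the two files passed as arguments are consulted (not /etc/defaults/rc.conf or rc.conf.local).

```shell
#!/bin/sh
# Added example: checks whether IP forwarding is configured in a way that
# survives /etc/rc.d/routing. Function names are hypothetical.

# Same truth values rc.subr's checkyesno accepts: YES/TRUE/ON/1, any case.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the value of one variable from an rc.conf-style file. The file is
# sourced in a subshell, as rc(8) does, so the last assignment wins.
rc_value() {   # $1 = file, $2 = variable name
    ( eval "$2="; . "$1" >/dev/null 2>&1; eval "printf '%s' \"\$$2\"" )
}

# True if the sysctl.conf-style file has an uncommented forwarding=1 line.
sysctl_sets_forwarding() {   # $1 = file
    grep -Eq '^[[:space:]]*net\.inet\.ip\.forwarding[[:space:]]*=[[:space:]]*1([[:space:]]|#|$)' "$1" 2>/dev/null
}

# Return codes (assumed convention for this example):
#   0 = gateway_enable is set, forwarding is managed by rc.d/routing
#   1 = only sysctl.conf enables forwarding; it can be reset to 0
#   2 = forwarding is not configured in either file
check_forwarding() {   # $1 = rc.conf path, $2 = sysctl.conf path
    if is_yes "$(rc_value "$1" gateway_enable)"; then
        echo "ok: gateway_enable is set in $1"
        return 0
    fi
    if sysctl_sets_forwarding "$2"; then
        echo "warn: forwarding only set in $2; add gateway_enable=\"YES\" to $1"
        return 1
    fi
    echo "info: IP forwarding is not configured"
    return 2
}

# Usage: sh check.sh /etc/rc.conf /etc/sysctl.conf
if [ "$#" -eq 2 ]; then
    check_forwarding "$1" "$2"
fi
```

On a live FreeBSD system, sysrc -n gateway_enable reports the effective value including defaults, and sysctl net.inet.ip.forwarding shows the current kernel state.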