FreeBSD as Server

Alexander shulik_freebsd at matrixhome.net
Sat Jan 14 07:59:58 PST 2006


I think that ipfw is native to FreeBSD - it works better than other 
packet filters. Am I right?
With ng_nat, the first trouble was in an mpd parameter - there is "set 
bundle enable compression". The second trouble is the following:
in the example I got the following lines:
ipfw add 300 netgraph.... any to any....
ipfw add 400 netgraph.... any to any.....

Into the netgraph hook "out" I send only traffic from clients (in the 
example it was all traffic). Into hook "in" I send all traffic from the 
external interface.
But I ran into a problem with the network on the server.
ping works fine
mtr doesn't work
telnet <any host> <any port> doesn't work. But why?
When traffic that is not NATed in ng_nat is sent into hook "in" - it must 
simply come out of it? Or not? Where is the trouble?

Brian Candler wrote:

>On Fri, Jan 13, 2006 at 03:50:00PM +0200, Alexander wrote:
>
>>Now I am trying to configure ng_nat. I use the example from man ng_nat. 
>>Client machines can ping inet hosts, but nothing is loaded by http or ftp 
>>or other tcp protocols. On the server the packet is NATed by a not real ip. 
>>On another server under Linux this packet is again NATed by a real ip. 
>>What can I do with this?
>
>Probably easier to use one of the other firewalling techniques to do NAT
>rather than manually configure ng_nat.
>
>Your other options are:
>- ipfw + natd (old and venerable)
>- ipf
>- pf
>
>My personal favourite is pf (which came from OpenBSD). Configuring NAT is
>just one line in /etc/pf.conf.
>
>Regards,
>
>Brian.



More information about the freebsd-isp mailing list