ipfilter problems
Angelin Lalev
lalev at sv-bg.com
Mon Apr 4 05:27:27 PDT 2005
Thank You very much!
> Well, the short answer is: there is no keep state in the line
>
> pass in quick on rl0 all
>
> the dns reply you get back times out because your default rule is
> block and there is nowhere in the "in" rules for rl1 that allows the
> reply back.
>
This makes sense... And I have probably made a huge mistake...
I thought that these rules are applied two times - once when the packet
is about to enter the "routing logic" of the machine and once when the
packet exits the machine (like ipfw). If that was the case, the rule

pass out quick on rl1 all keep state

would do...
> Some recommendations:
>
> 1) I have a bit of difficulty understanding your network setup - why do
> you have two private networks on your external interface? Maybe sketch
> it in a diagram.
rl0 is connected to an internet cafe with some game servers. It has
only one IP address, 192.168.0.0/24.
rl1 is connected via ethernet to a wireless bridge.
The management address of the wireless bridge (provider's property)
is 10.1.6.1. I added the alias address 10.1.6.2/24 to rl1, so I can ping
it to test connectivity.
Recently we have connected some outer clients to the same ethernet
network on which the wireless bridge is. They have addresses in
192.168.5.0/24 and have our freebsd machine as their gateway. They use
the squid server on the machine (like the machines on rl0 do) and need
access to some game servers.
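The following ipfilter rule set is an added illustration of the point made in the quoted reply; it is not from the original message or from the FreeBSD project. It assumes the layout described above (rl0 facing the 192.168.0.0/24 cafe network, rl1 facing the bridge segment with the 192.168.5.0/24 clients) and a default-block policy. The original `pass in quick on rl0 all` line is kept, commented out, next to the rule that replaces it, so the file can be loaded as-is; the `log` keyword on the block rules is an addition for troubleshooting with ipmon.

```ipf
# Added example rule set (not the poster's own). Interfaces and networks are
# taken from the thread: rl0 = inside (192.168.0.0/24), rl1 = outside, leading
# to the wireless bridge (10.1.6.0/24) and the 192.168.5.0/24 clients.

# Default policy is block. 'log' hands dropped packets to ipmon, which is the
# quickest way to see a DNS reply being refused on rl1.
block in log all
block out log all

# Original rule from the thread. It passes the packet but creates no state
# entry, so when the DNS reply comes back *in* on rl1 there is nothing in
# the state table and no "pass in on rl1" rule to match it: the reply is
# dropped by the default block and the lookup times out.
#pass in quick on rl0 all

# Corrected rule: keep state records the flow (addresses, ports, direction)
# when the first packet enters on rl0. ipfilter consults the state table
# before the rule list, so the same packet leaving on rl1 and the reply
# arriving on rl1 are both accepted from the state entry, with no separate
# "pass in on rl1" rule needed for replies.
pass in quick on rl0 from 192.168.0.0/24 to any keep state

# The clients on the bridge segment enter the box on rl1 (to squid, DNS, or
# routed onward); their flows need state in the same way.
pass in quick on rl1 from 192.168.5.0/24 to any keep state

# Traffic originated by the machine itself (squid fetching pages, the
# resolver, pings to the bridge at 10.1.6.1) gets its replies back through
# these state entries.
pass out quick on rl1 all keep state
pass out quick on rl0 all keep state
```

Load it with `ipf -Fa -f /path/to/rules` and confirm the rules with `ipfstat -io`; while a client does a lookup, `ipfstat -sl` shows the state entry created by the inbound rule, and with the original commented-out line restored instead, `ipmon` shows the reply being blocked on rl1.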