IPNAT/Slow TCP/Pings fine/4.8-REL

[DavidB]

Larry Rosenman wrote:
> 
> 
> --On Monday, October 13, 2003 14:03:59 -0700 Chris Pressey 
> <cpressey at catseye.mine.nu> wrote:
> 
>> On Mon, 13 Oct 2003 00:19:54 -0500
>> Larry Rosenman <ler at lerctr.org> wrote:
>>
>>> I was trying(!) to help a friend out, and built a 4.8-REL box
>>> to play Router/NAT and it's ALMOST working.  I can't seem to telnet/surf
>>> from NAT'd addresses, but PING works fine.
>>> [...]
>>> What am I missing?  What else do you/I need?
> 
> This was with the ipfilter ipnat.  I tried ipfw, and had the IPDIVERT
> and the same symptoms.
> 
> What's got me is the fact that I can PING, and apparently do DNS 
> lookups, but TCP just doesn't. :-(
> 
> LER
> 
>>>
>>> THanks for any QUICK replies!
>>
>>
>> "options IPDIVERT" in your kernel config...?
>>
>> -Chris
>> _______________________________________________
>> freebsd-stable at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
>>
> 
> 
> 

If you would post this to freebsd-questions you would probably get 
better service, since it is most likely a configuration issue.

And yes, it is my understanding that IPDIVERT is not needed for IPFILTER 
and ipnat. anyone?

the rc.conf  gateway_enable option and setting the sysctl forwarding 
option do the same thing, someone more knowledgeable can answer to that 
one.  Oh, I just checked it sets the forwarding but not fastforwarding.
So you need either method you choose, both is redundant.

You are not very descriptive: can ping?  ping [ip.num.for.localhost] or 
ping [ip.num.for.externalhost] or ping [host.domain.tld]

apparently do name lookups??  are you getting good results from
nslookup www.abcnews.com or such?

I think there is a top like command line option for ipfilter you can use 
to see what ipfilter is doing, but I am not sure if it is helpful with 
ipnat.

posting to questions instead, I think is appropriate.

Have a good day,
David