Struggling with IPFW on CURRENT

Mark Felder feld at FreeBSD.org
Wed Oct 7 15:10:08 UTC 2015



On Wed, Oct 7, 2015, at 09:43, Dr. Rolf Jansen wrote:
> 
> 
> You definitely need net.inet.ip.fw.one_pass=0 for stateful IPFW+NAT for
> the IPv4 traffic. IPv6 does not pass NAT anyway and is not affected.
> 
> I assume that you have gateway_enable="YES" and
> ipv6_gateway_enable="YES" in your /etc/rc.conf — sometimes this gets
> forgotten.
> 
> Best regards
> 
> Rolf
> 

Yes, I do have those. My firewall has been fully functioning in pf for
years, but options for QoS in FreeBSD are poor. OpenBSD's QoS in their
newer pf is great. I've heard enough about dummynet to want to try it
out, but getting the most basic configuration working so I can convert
the rest of my firewall ruleset has been rather painful so far.  It
seems I've been missing this rather important sysctl setting because the
traffic hasn't been flowing through my ruleset the way I expected it to.

Thanks for your input!

-- 
  Mark Felder
  ports-secteam member
  feld at FreeBSD.org


More information about the freebsd-net mailing list