iptables to ipfw

Chiang Seng Chang cs at ctzen.com
Thu Apr 22 07:02:12 PDT 2004


Thanks, everything is working now.

It turns out that openvpn configures tun0 with too small an MTU, which causes
the "black hole router" effect (I think).  Problems occurred, like being able to
net use a samba share but unable to list files, etc. Once the MTU was upped, all
seems to work now.

-cs


>
> On Tue, 20 Apr 2004, Chiang Seng Chang wrote:
>
> > hi,
> >
> > does anyone know what the equivalent of these is in ipfw?
> >
> >   iptables -t nat -A POSTROUTING -s 10.1.0.2/32 -o eth0 -j MASQUERADE
> >   iptables -t nat -A POSTROUTING -s 10.50.4.0/22 -o eth0 -j MASQUERADE
> >
> > it's for openvpn using tun0.
> >
> > i have set up natd using:
> >
> >   ipfw add divert natd all from any to any via dc0
> >
> > and it is working.
> >
> > but i would like to be more specific so that i am not nat'ing unnecessarily.
> >
> > tried without success:
> >
> >   ipfw add divert natd all from 10.1.0.1/32 to any via dc0
> >   ipfw add divert natd all from 10.50.4.0/22 to any via dc0
> >
> try
> (from natd man page)
>
> -unregistered_only | -u
> Only alter outgoing packets with an unregistered source
> address.  According to RFC 1918, unregistered source
> addresses are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
>
>
> as an extra flag to natd
>
>
> > thanks and regards.
> >
> > -cs
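
An added example, not part of the original thread: a dry-run sh function that prints a source-scoped natd divert ruleset for the interface and networks mentioned above. natd also has to see the replies arriving on dc0 in order to translate them back, so the ruleset ends with an inbound divert; the function name `nat_rules` and the rule layout are this example's own.

```shell
#!/bin/sh
# Added example: print (do not apply) ipfw commands that divert only the
# listed source networks to natd. dc0 and the two networks come from the
# thread; nat_rules is a hypothetical helper name.
#
# The reply's alternative, natd -unregistered_only, limits what natd
# rewrites; these rules limit what ipfw hands to natd in the first place.

# nat_rules EXT_IF NET [NET...]
# Prints one outbound divert per NET plus one inbound divert for replies.
# Returns 1 on bad arguments and prints no partial ruleset.
nat_rules() {
    [ "$#" -ge 2 ] || { echo "usage: nat_rules ext_if net [net...]" >&2; return 1; }
    ext_if=$1
    shift

    # The output is meant to be reviewed and then fed to a shell, so refuse
    # anything that is not a plain interface name or a.b.c.d/len.
    case $ext_if in
        ''|*[!A-Za-z0-9_]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    for net in "$@"; do
        case $net in
            *[!0-9./]*|*/*/*) echo "bad network: $net" >&2; return 1 ;;
            [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
            *) echo "bad network: $net" >&2; return 1 ;;
        esac
    done

    # Outbound: only traffic sourced from the VPN networks is translated.
    for net in "$@"; do
        echo "ipfw add divert natd ip from $net to any out via $ext_if"
    done
    # Inbound: replies are addressed to this host's own address, so a
    # source-only match would never show them to natd.
    echo "ipfw add divert natd ip from any to me in via $ext_if"
}

# Constructed invocation using the values from the thread.
nat_rules dc0 10.1.0.2/32 10.50.4.0/22
```

Review the printed rules against the existing ruleset before applying them, since the divert rules need to sit ahead of any rule that would accept the same packets.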


