problem with ipfilter(ipnat)
fbsd at a1poweruser.com
Wed Apr 12 12:32:37 UTC 2006
There is nothing wrong with FreeBSD 6.0
It's the way you activated ipf that is wrong.
Ipfilter's ipnat function is not an independent function.
You have to code this in rc.conf
ipfilter_enable = "YES"
ipnat_enable = "YES"
and make sure there is no default ipf.rules file
Then ipf will use its default pass all rule which results in the
ipnat function working with a firewall rule of pass all
Also your nat rules are incorrect.
The special alias 0.0.0.0/32 should be 0/32
The FreeBSD handbook has a good section on ipfilter.
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Arnold Lee
Sent: Wednesday, April 12, 2006 4:34 AM
To: freebsd-questions at freebsd.org
Subject: problem with ipfilter(ipnat)
I am in a small lan and want to use fb 6.0 as a router to share
internet access. I use mpd 3.18 to dial adsl on demand. I configured
ipnat with :
map rl0 10.0.0.0/8 -> 0.0.0.0/32 portmap tcp/udp auto
map rl0 10.0.0.0/8 -> 0.0.0.0/32
And then I use my client compute(windows 2000 Pro) to access
internet, it seems ok, but soon I realize that there are some
websites I can not access! For example, www.chinaunix.net is
unacessable! So are some ftp sites such as ftp.freebsd.org. It must
be a problem of the FB6 box, because if i access internet directly
from the win2000 box, all those sites above is ok ! what is wrong?
By the way, I donot use ipfirewall and other firewall, and in
rc.conf, I wrote "ipfilter_enable = NO, ipnat_enable= YES". Can you
freebsd-questions at freebsd.org mailing list
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions