problem with ipfilter(ipnat)
nvass at teledomenet.gr
Wed Apr 12 12:36:35 UTC 2006
On Wednesday 12 April 2006 11:34, Arnold Lee wrote:
> I am in a small lan and want to use fb 6.0 as a router to share internet
> access. I use mpd 3.18 to dial adsl on demand. I configured ipnat with:
> map rl0 10.0.0.0/8 -> 0.0.0.0/32 portmap tcp/udp auto
> map rl0 10.0.0.0/8 -> 0.0.0.0/32
> And then I use my client computer (Windows 2000 Pro) to access the internet, it
> seems ok, but soon I realize that there are some websites I cannot access!
> For example, www.chinaunix.net is inaccessible! So are some ftp sites such
> as ftp.freebsd.org. It must be a problem of the FB6 box, because if I
> access the internet directly from the win2000 box, all those sites above are ok!
> What is wrong? By the way, I do not use ipfirewall or other firewalls, and
> in rc.conf, I wrote "ipfilter_enable = NO, ipnat_enable= YES". Can you help

I can try. It might be a PMTU problem. A quick way of testing PMTU-related
problems is setting a small (below 1400) MTU on your NIC.
If you have another Unix-like OS on your LAN (besides your router)
you can try a smaller MTU like this: "ifconfig nic mtu 1000" and see
what's going on. If you don't have another Unix-like OS, go to step 2
(Windows can also change MTU size but the procedure is not that
simple, google for it if you want it).

2) I recall that I have seen something related in ipf. It's here:
A quick search in man 5 ipf.conf for "clamp" returned no results, but
that's the case for the NetBSD man page as well. I guess it is not documented in
the manual. Try it.

There is also ng_tcpmss(4), which does the job and is what I have used
in the past with success.

There are other solutions too (an mpd option, is it working? a daemon
(tcpmssd)) but I am not familiar with...
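
Added example, not part of the original post and not the code of ng_tcpmss or tcpmssd: a Python sketch of what MSS clamping does to a TCP SYN passing through the router, including the incremental checksum fix-up (RFC 1624) that avoids recomputing over the pseudo-header. The 1492-byte link MTU is an assumed PPPoE value and the sample segment is constructed.

```python
import struct

SYN, OPT_EOL, OPT_NOP, OPT_MSS = 0x02, 0, 1, 2

# Constructed sample: 24-byte TCP SYN (port 49152 -> 80) advertising MSS 1460.
# The checksum field is left as 0 here; a real one also covers the IP pseudo-header.
SAMPLE_SYN = bytes.fromhex("c0000050" "00000001" "00000000"
                           "6002ffff" "00000000" "020405b4")

def mss_for_mtu(mtu: int) -> int:
    """Largest TCP payload in one IPv4 packet of `mtu` bytes (20 B IP + 20 B TCP header)."""
    return mtu - 40

def csum_update(csum: int, old: int, new: int) -> int:
    """RFC 1624 incremental update of a 16-bit one's-complement checksum."""
    s = (~csum & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(segment: bytes, max_mss: int) -> bytes:
    """Lower the MSS option of a SYN to max_mss; return other segments unchanged."""
    if len(segment) < 20 or not segment[13] & SYN:
        return segment
    hdr_len = (segment[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(segment):
        return segment
    seg, i = bytearray(segment), 20
    while i + 1 < hdr_len and seg[i] != OPT_EOL:
        if seg[i] == OPT_NOP:          # one-byte padding option
            i += 1
            continue
        kind, length = seg[i], seg[i + 1]
        if length < 2 or i + length > hdr_len:
            break                      # malformed option list: leave the rest alone
        if kind == OPT_MSS and length == 4:
            if struct.unpack_from("!H", seg, i + 2)[0] > max_mss:
                # The value may sit at an odd offset, so update the checksum
                # per aligned 16-bit word that the rewrite touches.
                words = range((i + 2) & ~1, i + 4, 2)
                old = [struct.unpack_from("!H", seg, w)[0] for w in words]
                struct.pack_into("!H", seg, i + 2, max_mss)
                csum = struct.unpack_from("!H", seg, 16)[0]
                for w, o in zip(words, old):
                    csum = csum_update(csum, o, struct.unpack_from("!H", seg, w)[0])
                struct.pack_into("!H", seg, 16, csum)
            break
        i += length
    return bytes(seg)

if __name__ == "__main__":
    print(clamp_mss(SAMPLE_SYN, mss_for_mtu(1492)).hex())  # 1492: assumed PPPoE link MTU
```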