ipfilter on 6.1

J.D. Bronson jbronson at wixb.com
Sat Aug 26 20:32:28 UTC 2006


I got a full load of 6.1p4 installed and all built. I have pppoe and 
ipfilter running almost perfect.

Clients can use the machine (as a router) and get out perfectly!
No issues with network performance at all. I am very pleased...until...

I found out that the router itself can't get out 100%.

My ipconfig is basically this:

bge0 - 10.43.82.174
alias 10.43.82.171 - for bind9 views
alias 10.43.82.51 - for bind9 views

bge1 - connected to dsl modem

Well, I can't even telnet from the machine to itself!
'destination unreachable'

DNS requests from the server itself (to itself - it runs bind) are 
unanswered yet it is able to fully answer requests from internal or 
external clients...just not itself!

If I use a public DNS server -or- use the IP of the machine I want to 
connect up to, the router is able to get out and uses the correct IP.

I used the same configs from Solaris on here (ipf.conf and ipnat.conf)
and only needed to change sppp0 to tun0.

This should take care of anything the machine itself needs:

============ipf.conf======================
# Pass LAN traffic to/from bge0
pass in quick on bge0 all keep state keep frags
pass out quick on bge0 all keep state keep frags

# Pass traffic to WAN and keep state
pass out quick on tun0 proto tcp all flags S keep state keep frags
pass out quick on tun0 proto udp all keep state keep frags
pass out quick on tun0 proto icmp all keep state keep frags

==========================================

I am totally baffled. It's like I am being blocked somehow but even 
with ipfilter WIDE open - traffic still won't pass.

I am wondering if this is some quirk with the interface 
aliases...although running basically the same setup on Solaris - it works 
perfectly.


-JD


