Alaor Barroso de Carvalho Neto
alaorneto at gmail.com
Sat Nov 24 07:41:55 PST 2007
2007/11/24, Ian Smith <smithi at nimnet.asn.au>:
> No I didn't mean that; use your own favourite packet filter, any of them
> can handle what you've described. Bill suggested pf - lots of people
> seem to like it a lot - and I use ipfw because I (mostly) know how to.
I always had linux servers, so I'm very familiar with iptables, I don't have
a favorite BSD firewall yet, so that's why I'm asking. I choose ipfilter
because I liked the tutorial in the FreeBSD handbook, but I don't know any
features of the others, I even don't know ipfilter yet.
Ok. Pasted output of 'ifconfig' and 'netstat -finet -nr' may help ..
> it's easier to parse familiar machine output than textual descriptions.
My BSD box don't have graphic interface and I must admit I'm suffering to
use it, so that's why I'm transcripting the configs, but I'm gonna change
Dunno. I'd just run tcpdump in a different terminal for each interface
> and watch the traffic; what gets forwarded, or not, what gets translated
> by NAT, or not. As you said, pings are a useful start, as can be adding
> temporary firewall rules to log everything in and out per interface ..
> I know next to nothing about routed(8) and RIP, nor why you might prefer
> it to static and cloned routing, but taking it out of the mix might help
> with debugging until your basic routing and filtering works right?
I think it's hard to be NAT even because I've disabled ipfilter and the
problem still. I thought I would just set gateway_enable="YES" and things
would start working, at least that was how I've seem in the docs, but like
it didn't, I tried to set static routes. I don't know anything about routed
too, I just know that it's supposed to build the routes on demand, or
something like that. I'll copy the result of netstat on monday but the
routes seems to be OK, they're there like they're supposed to be, at least I
think they are right. Probably the problem is very stupid, but I feel like
I've checked everything and I can't find the error, and like I'm not very
familiar with BSD I'm losing my hope. Next week I'll try some things and if
it don't work I think it's time to go back to linux. That's bad because I
liked a lot the freebsd way of do the things.
Thankz the attention guyz, hugs!
More information about the freebsd-questions