smithi at nimnet.asn.au
Sun Nov 25 17:26:21 PST 2007
On Sat, 24 Nov 2007, Alaor Barroso de Carvalho Neto wrote:
> 2007/11/24, Ian Smith <smithi at nimnet.asn.au>:
> > No I didn't mean that; use your own favourite packet filter, any of them
> > can handle what you've described. Bill suggested pf - lots of people
> > seem to like it a lot - and I use ipfw because I (mostly) know how to.
> I always had Linux servers, so I'm very familiar with iptables, I don't have
> a favorite BSD firewall yet, so that's why I'm asking. I chose ipfilter
> because I liked the tutorial in the FreeBSD handbook, but I don't know any
> features of the others, I don't even know ipfilter yet.
Yes, I suspect the handbook firewall sections were put together by an
ipfilter fan, even the ipfw section contains some oddities indicating
that, and the pf section so far lacks the basic and with-NAT firewall
setups that might encourage more people unfamiliar with pf to try it.
> > Ok. Pasted output of 'ifconfig' and 'netstat -finet -nr' may help ..
> > it's easier to parse familiar machine output than textual descriptions.
> My BSD box doesn't have a graphical interface and I must admit I'm suffering to
> use it, so that's why I'm transcribing the configs, but I'm gonna change
You can mark and copy with the mouse in text terminals on non-X boxes,
at a pinch. I then use (say) ee to save the paste, though of course
it's a lot less tedious working from an xterm with multiple clipboard
buffers .. I've pasted up to 2000 lines from a Konsole at times :)
> > Dunno. I'd just run tcpdump in a different terminal for each interface
> > and watch the traffic; what gets forwarded, or not, what gets translated
> > by NAT, or not. As you said, pings are a useful start, as can be adding
> > temporary firewall rules to log everything in and out per interface ..
> > I know next to nothing about routed(8) and RIP, nor why you might prefer
> > it to static and cloned routing, but taking it out of the mix might help
> > with debugging until your basic routing and filtering works right?
> I think it's hard to be NAT even because I've disabled ipfilter and the
> problem still. I thought I would just set gateway_enable="YES" and things
> would start working, at least that was how I've seen in the docs, but like
> it didn't, I tried to set static routes. I don't know anything about routed
> too, I just know that it's supposed to build the routes on demand, or
I think routed might only work in a network that's using RIP throughout,
but that's only from what I've read in Hunt's TCP/IP Network Admin book,
and I've seen next to no discussion of using RIP in recent times. I'm
pretty sure you don't want to run routed(8) and that it would only add
to confusion for anyone trying to help you spot your problem here.
> something like that. I'll copy the result of netstat on monday but the
> routes seem to be OK, they're there like they're supposed to be, at least I
> think they are right. Probably the problem is very stupid, but I feel like
Possibly just a little confusion re how FreeBSD routing tables are
presented compared to Linux, especially re default routes, perhaps?
> I've checked everything and I can't find the error, and like I'm not very
> familiar with BSD I'm losing my hope. Next week I'll try some things and if
> it doesn't work I think it's time to go back to Linux. That's bad because I
> liked a lot the FreeBSD way of doing things.
I suggest ending this thread here, and that you come back with a fresh
start on a fresh subject stating again what you want to do, your network
setup and layout, ifconfig and your full IPv4 routing tables, and clear
description of which packets via which interface/s are failing to get to
where you want them to go (and back!). Your original message was fairly
clear about that, though it's got lost in the mists of time by now ..
Don't give up. Perhaps spend a little time browsing the freebsd-net
list to see if that's worth joining for you, if you can't get sufficient
answers here, but with enough basic info I'm sure someone here can help.