ipfilter, ipnat, and if driver ath [should have been age]: what's just changed?

dacoder dc at dcoder.net
Sun Mar 1 11:24:09 PST 2009


+++ dacoder [01/03/09 13:17 -0500]:
>updating my system friday from the feb 7 version of 7.1 to the latest broke
>tcp and udp (but *not* icmp) over ipnat, which had worked forever with my
>current ipfilter rules and ipnat mapping rules, which are pretty simple.
>what has changed?
>
>/etc/ipnat.rules:
>
>	map age0 10.0.0.0/24 -> <external ip>/32
>
>@ the top of /etc/ipf.rules:
>
>	pass out quick on age0 proto tcp/udp from any to any keep state keep frags
>	pass out quick on age0 proto icmp from any to any keep state keep frags
>
>that used to work.  now it doesn't, witness ipmon:
>
>01/03/2009 13:07:46.274707 age0 @0:28 b 74.125.93.102,80 -> 10.0.0.253,2914 PR tcp len 20 48 -AS IN NAT
>
>what's changed?  ipf?  ipnat?  age?  am i using an obsolete & therefore
>unworkable set of ipfilter rules?  icmp still works, btw.
>
>i'd be grateful for any help.
>
>thx.
>
>david coder
>network engineer emeritus
>ntt/verio

i meant, of course, age, not ath in my subject line.

sorry for the confusion.
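
The ipmon line quoted above, decoded field by field, as an added example that is not part of the original post. It follows the field layout documented in ipmon(8); the function names and the second sample line are constructed for illustration.

```python
import re

# Field layout per ipmon(8): date time iface @group:rule action
# src[,port] -> dst[,port] PR proto len hdrlen pktlen [-tcpflags] [tags]
LINE_RE = re.compile(
    r"(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<iface>\S+)\s+"
    r"@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+PR\s+(?P<proto>\S+)\s+"
    r"len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)(?P<rest>.*)"
)
ACTIONS = {"p": "pass", "b": "block", "S": "short", "n": "nomatch", "L": "log"}
TCP_FLAGS = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}

def split_endpoint(endpoint):
    """Split 'addr,port' (ICMP lines carry no port)."""
    host, _, port = endpoint.partition(",")
    return host, int(port) if port.isdigit() else None

def parse_ipmon(line):
    """Return a dict of decoded fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest").split()
    for key in ("group", "rule", "hlen", "plen"):
        rec[key] = int(rec[key])
    rec["action"] = ACTIONS.get(rec["action"], rec["action"])
    rec["src"], rec["sport"] = split_endpoint(rec["src"])
    rec["dst"], rec["dport"] = split_endpoint(rec["dst"])
    # TCP flags appear as a hyphen followed by one letter per flag set.
    has_flags = bool(rest) and rest[0].startswith("-")
    rec["tcp_flags"] = sorted(TCP_FLAGS.get(c, c) for c in rest.pop(0)[1:]) if has_flags else []
    rec["direction"] = next((t for t in rest if t in ("IN", "OUT")), None)
    rec["tags"] = [t for t in rest if t not in ("IN", "OUT")]
    return rec

def blocked_synack_in(lines):
    """Blocked inbound SYN+ACK segments: replies to outbound TCP connections."""
    recs = filter(None, map(parse_ipmon, lines))
    return [r for r in recs if r["action"] == "block" and r["direction"] == "IN"
            and r["tcp_flags"] == ["ACK", "SYN"]]

SAMPLE = [
    # the line quoted in the post, with the mail client's line wrap undone
    "01/03/2009 13:07:46.274707 age0 @0:28 b 74.125.93.102,80 -> 10.0.0.253,2914 PR tcp len 20 48 -AS IN NAT",
    # constructed line for contrast
    "01/03/2009 13:07:46.301122 age0 @0:2 p 10.0.0.253,2915 -> 192.0.2.10,53 PR udp len 20 60 OUT",
]
```

For the quoted line this yields a blocked inbound SYN+ACK from 74.125.93.102 port 80 to 10.0.0.253 port 2914, matched by rule 28 in group 0 on age0 and tagged NAT.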


