ipfw + NAT doesn't work

Ruben de Groot mail25 at bzerk.org
Thu Sep 17 17:45:07 UTC 2009


On Thu, Sep 17, 2009 at 10:14:15AM -0400, Robert Huff typed:
> 
> 	I have a machine running
> 
> FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58 EDT 2009 amd64 
> 
> 	It has this in the config file for the running kernel:
> 
> options  IPFIREWALL              #firewall
> options  IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
> options  IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
> options  IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
> options  IPFIREWALL_NAT          #ipfw kernel nat support
> options  LIBALIAS 
> 
> 	It (10.0.0.1) connects correctly to another machine (10.0.0.3);
> I know because .3 mounts one of .1's disks using Samba.
> 	With the ipfw rules appended below, I can't NAT, nor should I
> be able to.  ("em0" faces the Internet; "em1" faces the other
> machine.)
> 	However: using these I still can't get through

Through to what? You seem to be able to connect on a local subnet, but
not to the internet through NAT, which you say is ok, because you shouldn't?
Please explain exactly what you want to do.

> 	Have I forgotten something?  Or misunderstood something?
> 	If not ... how do I figure out what's wrong?

/var/log/security is a good place to start, as your config seems to log almost
all denies.
BTW, CURRENT is a development branch.  Fine if you want to run it, but you
should do some basic debugging yourself before posting problems with it. And
then the -questions list is probably not the best place to find answers.

regards,
Ruben


