ipfw + NAT doesn't work

Thu Sep 17 18:31:32 UTC 2009

Здравствуйте, Ruben.

>>       If not ... how do I figure out what's wrong?
What is your ipfw rules?

Вы писали 17 сентября 2009 г., 20:45:01:

RdG> On Thu, Sep 17, 2009 at 10:14:15AM -0400, Robert Huff typed:
>> 
>>       I have a machine running
>> 
>> FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58 EDT 2009 amd64 
>> 
>>       It has this in the config file for the running kernel:
>> 
>> options  IPFIREWALL              #firewall
>> options  IPFIREWALL_VERBOSE      #enable logging to syslogd(8)
>> options  IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
>> options  IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
>> options  IPFIREWALL_NAT          #ipfw kernel nat support
>> options  LIBALIAS 
>> 
>>       It (10.0.0.1) connects correctly to another machine (10.0.0.3);
>> I know because .3 mounts one of .1's disks using Samba.
>>       With the ipfw rules appended below, I can't NAT, nor should I
>> be able to.  ("em0" faces the Internet; "em1" faces the other
>> machine.)
>>       However: using these I still can't get through

RdG> Through to what? You seem to be able to connect on a local subnet, but
RdG> not to the internet through NAT, which you say is ok, because you shouldn't ?
RdG> Please explain exactly what you want to do.

>>       Have I forgotten something?  Or misunderstood something?
>>       If not ... how do I figure out what's wrong?

RdG> /var/log/security is a good place to start, as your config seems to log allmost
RdG> all denies.
RdG> BTW, CURRENT is a development branch.  Fine if you want to run it, but you
RdG> should do some basic debugging yourself before posting problems with it. And
RdG> then the -questions list is probably not the best place to find answers.

-- 
С уважением,
 Коньков                          mailto:kes-kes at yandex.ru