ipfw + NAT doesn't work
Коньков Евгений
kes-kes at yandex.ru
Thu Sep 17 18:31:32 UTC 2009
Здравствуйте, Ruben.
>> If not ... how do I figure out what's wrong?
What is your ipfw rules?
Вы писали 17 сентября 2009 г., 20:45:01:
RdG> On Thu, Sep 17, 2009 at 10:14:15AM -0400, Robert Huff typed:
>>
>> I have a machine running
>>
>> FreeBSD 9.0-CURRENT #3: Tue Sep 15 18:49:58 EDT 2009 amd64
>>
>> It has this in the config file for the running kernel:
>>
>> options IPFIREWALL #firewall
>> options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
>> options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
>> options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
>> options IPFIREWALL_NAT #ipfw kernel nat support
>> options LIBALIAS
>>
>> It (10.0.0.1) connects correctly to another machine (10.0.0.3);
>> I know because .3 mounts one of .1's disks using Samba.
>> With the ipfw rules appended below, I can't NAT, nor should I
>> be able to. ("em0" faces the Internet; "em1" faces the other
>> machine.)
>> However: using these I still can't get through
RdG> Through to what? You seem to be able to connect on a local subnet, but
RdG> not to the internet through NAT, which you say is ok, because you shouldn't ?
RdG> Please explain exactly what you want to do.
>> Have I forgotten something? Or misunderstood something?
>> If not ... how do I figure out what's wrong?
RdG> /var/log/security is a good place to start, as your config seems to log allmost
RdG> all denies.
RdG> BTW, CURRENT is a development branch. Fine if you want to run it, but you
RdG> should do some basic debugging yourself before posting problems with it. And
RdG> then the -questions list is probably not the best place to find answers.
--
С уважением,
Коньков mailto:kes-kes at yandex.ru
More information about the freebsd-questions
mailing list