ipnat.conf - map and rdr won't work!

alexus alexus at gmail.com
Tue Jul 20 18:43:26 UTC 2010

On Tue, Jul 20, 2010 at 2:16 PM, Aiza <aiza21 at comclark.com> wrote:
> alexus wrote:
>>>  su-3.2# grep ^firewall /etc/rc.conf
>>>  firewall_enable="YES"
>>>  firewall_type="open"
>>>  su-3.2# grep ^ip /etc/rc.conf
>>>  ipfilter_enable="YES"
>>>  ipmon_enable="YES"
>>>  ipnat_enable="YES"
>>>  ipnat_flags="-d"
>>> This is not good.
>>> You are running 2 different firewalls at the same time.
>>> comment out
>>> firewall_enable="YES"
>>> firewall_type="open"
>>> and reboot your system.
>> do you know that for a fact or are you just guessing??
>> because first of all it worked before just fine with 2 firewalls
>> second i disabled firewall, so firewall is no longer an issue
>> third i have another system just like that that runs 2 firewalls and
>> everything is working just fine!
>> if you don't know the answer there is no need to throw just any answer
>> as it's pretty clear that this isn't the right answer
> Just because 2 firewalls at same time didn't blow up in your face before,
> sure doesn't mean they are working correctly. That's one bad assumption to base
> debugging on.

i never had any problem doing so, not that i'm saying it's a smart thing to do
i'm well aware of that, and as i mentioned before both firewalls are serving
different purposes
it's not like i'm filtering packets with both firewalls at the same time.

> Jumping in my face, questioning the free advice given, sure makes you look
> foolish. You should read the handbook firewall section before opening your
> mouth and sticking your foot into it.

i wasn't jumping in your face, i just outlined some of the facts.
i'm asking for help here, there is no point for me to jump on anyone.

> People on this list will stop helping if you turn on them and bite the hand
> that feeds you.
> And another thing. Network access for a jail is not controlled by the host's
> firewall. You need to look elsewhere for your jail network access solution.

my jail has a private IP address, so in order to get to my jail you
need to go through the public IP, and that is hosted on the host.
the jail itself seems to be functioning fine, as i can ssh into the jail from
the host environment

so my guess is i gotta look somewhere inside of ipnat, since ipnat is
responsible for routing packets from/to the jail

> If your attitude was not so XXXXXXX, I could have told you the solution, but
> now go learn it the hard way.

i'm sorry you feel that way, surely didn't mean anything bad by outlining facts.
