Changes To nat-ing Behaviour?

Tim Daneliuk tundra at tundraware.com
Sat Apr 18 21:39:53 UTC 2020


On 4/18/20 3:43 PM, Tim Daneliuk wrote:
> On 4/18/20 12:51 PM, Michael Sierchio wrote:
>> Showing your ruleset would allow us to comment meaningfully.
> 
> Not sure exactly which ruleset but ... Here are the kernel opts:
> 
> options     IPFIREWALL
> options     IPDIVERT
> 
> 
> Here is the natd.conf:
> 
> use_sockets
> port natd
> same_ports
> unregistered_only
> 
> 
> This is the ruleset in the firewall up to the point NAT gets enabled.
> re0 is outward facing, em0 is internal LAN:
> 
> 0001    4     715 allow icmp from any to any icmptypes 0,3,4,8,11,12
> 00100   24    1958 allow ip from any to any via lo0
> 00200    0       0 deny ip from any to 127.0.0.0/8
> 00300    0       0 deny ip from 127.0.0.0/8 to any
> 00400    0       0 deny ip from 192.168.0.0/24 to any in via re0
> 00500    0       0 deny ip from 75.145.138.73 to any in via em0
> 00600    0       0 deny ip from any to 10.0.0.0/8 via re0
> 00700    0       0 deny ip from any to 172.16.0.0/12 via re0
> 00800    0       0 deny ip from any to 192.168.0.0/16 via re0
> 00900    0       0 deny ip from any to 0.0.0.0/8 via re0
> 01000    0       0 deny ip from any to 169.254.0.0/16 via re0
> 01100    0       0 deny ip from any to 192.0.2.0/24 via re0
> 01200    1      32 deny ip from any to 224.0.0.0/4 via re0
> 01300    0       0 deny ip from any to 240.0.0.0/4 via re0
> 01400 1011   97774 divert 8668 ip from any to any via re0
> 
> As I said, these rules have not changed for an eternity so not sure
> what is going on here.

Oh never mind ....

It looks like this is NIC related and was hiding behind what appeared to
be a NATing problem.

Apologies for bothering all ..

----------------------------------------------------------------------------
Tim Daneliuk     tundra at tundraware.com
PGP Key:         http://www.tundraware.com/PGP/


