On Tue, 30 Apr 2013 20:16:59 -0400, Joe wrote:
> I have ipfw running inside of a vnet jail on a 9.1-RELEASE host using the
> jail(8) definition statements for starting and stopping the vnet jail. As a
> side note non-vnet jails are working as expected.
>
> The host is running a custom kernel with modules and with
> options VIMAGE
> nooptions SCTP
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10

What steps have you taken during testing to override this ridiculously low
limit on logging? Otherwise, after e.g. just 5 pings and 5 ping responses
are logged, all logging ceases until issuing 'ipfw resetlog'.

> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPFIREWALL_IPDIVERT

You'd likely do better using in-kernel NAT; natd doesn't get much love.

> options IPFIREWALL_FORWARD
>
> compiled in.

Ian
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
