--On Tuesday, October 14, 2003 11:40:57 -0700 DavidB <[EMAIL PROTECTED]> wrote:

Larry Rosenman wrote:

If you would post this to freebsd-questions you would probably get better service, since it is most likely a configuration issue.
I did post to -questions as well.

And yes, it is my understanding that IPDIVERT is not needed for IPFILTER and ipnat. anyone?
Yes, I've verified it.

the rc.conf gateway_enable option and setting the sysctl forwarding option do the same thing, someone more knowledgeable can answer to that one. Oh, I just checked it sets the forwarding but not fastforwarding. So you need either method you choose, both is redundant.
Wasn't sure about that. Thanks.

You are not very descriptive: can ping? ping [ip.num.for.localhost] or ping [ip.num.for.externalhost] or ping [host.domain.tld]
ping local, ping external-ip, ping name.of.external all work.

apparently do name lookups?? are you getting good results from nslookup www.abcnews.com or such?
host www.lerctr.org works (from a non-auth resolver for it).

I think there is a top like command line option for ipfilter you can use to see what ipfilter is doing, but I am not sure if it is helpful with ipnat.
Didn't seem to get it. I did do a ipnat -l and SAW THE TRANSLATION.

I also could telnet to the same destination from directly on the
fw/router box, and saw the session. :-(

posting to questions instead, I think is appropriate.
Will follow-up there.

Have a good day,

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

-- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to