> On Wednesday 28 July 2004 15:06, Steve Bertrand wrote:
>> > On Wednesday 28 July 2004 14:49, Steve Bertrand wrote:
>> >> >> Also, post the relevant ``natd'' line entries in your /etc/natd.conf
>> >> >> file.
>> >> >
>> >> > natd.conf doesn't exist. Do you mean rc.conf? Here it is:
>> >> > natd_interface="rl0"
>> >> > natd_enable="YES"
>> >> >
>> >> > But I didn't change anything here, and it always worked.
>> >>
>> >> Indeed, I did mean rc.conf...sorry ;o)
>> >>
>> >> Now would be a good time to post your fw ruleset.
>> >
>> > add 00300 divert 8668 ip from any to any
>> > add 01300 unreach port tcp from any to any 6699
>> > add 01400 allow log all from any to any via lo0
>> > add 01600 check-state
>>
>> Well, I would hate to do this, but for testing purposes, add a rule (very
>> briefly)...
>>
>> > add 00300 divert 8668 ip from any to any
>> > add 01300 unreach port tcp from any to any 6699
>> > add 01400 allow log all from any to any via lo0
>> add 1500 allow log logamount 1000 all from any to any
>>
>> and check to see if things are working. Your security log file may indicate
>> where traffic is going whether it is or not.
>
> Yes, it works, but of course I can't leave this rule in all the time. The
> SYN/ACK packet that comes back from the remote server is denied by rule
> 01900. But it should be allowed by the check-state rule.
>
>> Also, I know you haven't changed anything, but what does the output from
>> this command state?:
>> # sysctl net.inet.ip.forwarding
>
> It is set to 1. I changed this a long time ago.
I figured so...what happens if you add 'keep-state' to rules 20000, 20002 and 20003?

Steve
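As an added illustration (not from the thread or the poster), a constructed stateful ipfw/natd ruleset showing the ordering that makes keep-state and check-state work together with divert: the dynamic entry is keyed on the addresses the packet had when keep-state ran, so the outbound rules must record state before natd rewrites the source, and the inbound reply must be un-translated before check-state sees it, which is the skipto layout used in the FreeBSD Handbook's ipfw chapter. Rule numbers 300, 1300, 1400, 1600 and 20000-20003 and the rl0 interface come from the thread; the contents of 20000-20003, rules 29999/30000/30010, and the FWCMD dry-run wrapper are assumptions.

```shell
#!/bin/sh
# Constructed example, not the poster's ruleset. FWCMD defaults to "echo"
# so the script prints the rules instead of loading them; on the firewall
# run it as FWCMD=/sbin/ipfw ./ruleset.sh (script name is assumed).
fwcmd="${FWCMD:-echo}"
oif="rl0"      # external interface, from natd_interface in rc.conf

build_ruleset() {
    $fwcmd -f flush
    # Inbound only: natd rewrites the destination back to the LAN host
    # before check-state runs, so the reply matches the dynamic entry.
    $fwcmd add 00300 divert 8668 ip from any to any in via $oif
    $fwcmd add 01300 unreach port tcp from any to any 6699
    $fwcmd add 01400 allow log all from any to any via lo0
    # check-state passes a packet matching a dynamic entry and executes
    # the action of the rule that created it (skipto 30000 below).
    $fwcmd add 01600 check-state
    # Outbound: keep-state runs before natd rewrites the source, so the
    # entry is keyed on the private address; skipto then reaches the
    # outbound divert. Without keep-state here the returning SYN/ACK
    # has no entry to match and falls through to a deny rule.
    $fwcmd add 20000 skipto 30000 tcp from any to any out via $oif setup keep-state
    $fwcmd add 20002 skipto 30000 udp from any to any 53 out via $oif keep-state
    $fwcmd add 20003 skipto 30000 icmp from any to any out via $oif keep-state
    $fwcmd add 29999 deny log all from any to any
    # Outbound NAT, reached only via skipto from the stateful rules.
    $fwcmd add 30000 divert 8668 ip from any to any out via $oif
    $fwcmd add 30010 allow ip from any to any
}

# Succeeds only if the ordering above holds: inbound divert before
# check-state, check-state before every keep-state rule, and the outbound
# divert after them. With echo as FWCMD, field 2 is the rule number.
ruleset_is_ordered() {
    build_ruleset | awk '
        /divert/ && / in via /  { indiv = $2 + 0 }
        /check-state/           { cs = $2 + 0 }
        /keep-state/            { if (!(indiv < cs && cs < $2 + 0)) bad = 1; ks = $2 + 0 }
        /divert/ && / out via / { if (ks == 0 || ks > $2 + 0) bad = 1 }
        END                     { exit (bad ? 1 : 0) }'
}

build_ruleset
```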