Do I need both sysctl -w net.inet.ip.forwarding=1 and gateway_enable="yes"
to get ip.forwarding to work?

//Jan

Jan Rockstedt wrote:
# ipfstat -iohn
639 @1 pass out quick on xl0 proto tcp from any to any keep state
2059 @2 pass out quick on xl0 proto udp from any to any keep state
0 @3 pass out quick on xl0 proto icmp from any to any keep state
0 @4 block out quick on xl0 all
0 @5 pass out quick on tun0 proto tcp from any to any keep state
0 @6 pass out quick on tun0 proto udp from any to any keep state
0 @7 pass out quick on tun0 proto icmp from any to any keep state
0 @8 pass out quick on xl1 proto tcp from any to any keep state
0 @9 pass out quick on xl1 proto udp from any to any keep state
0 @10 pass out quick on xl1 proto icmp from any to any keep state
0 @11 block out quick on xl1 all
0 @12 pass out quick on lo0 all
19 @1 pass in on xl0 proto tcp/udp from any to 192.168.1.52/32 port = rmt keep state
0 @2 pass in quick on tun0 proto tcp from any to any keep state
0 @3 pass in quick on tun0 proto udp from any to any keep state
0 @4 pass in quick on tun0 proto icmp from any to any keep state
0 @5 block in log quick on xl0 from 192.168.0.0/16 to any
0 @6 block in log quick on xl0 from 172.16.0.0/12 to any
0 @7 block in log quick on xl0 from 10.0.0.0/8 to any
0 @8 block in log quick on xl0 from 127.0.0.0/8 to any
0 @9 block in log quick on xl0 from 0.0.0.0/8 to any
0 @10 block in log quick on xl0 from 169.254.0.0/16 to any
0 @11 block in log quick on xl0 from 192.0.2.0/24 to any
0 @12 block in log quick on xl0 from 204.152.64.0/23 to any
0 @13 block in quick on xl0 from 224.0.0.0/3 to any
1 @14 pass in quick on xl0 proto tcp from any to any port = http flags S/FSRPAU keep state keep frags
386 @15 pass in quick on xl0 proto tcp from any to any port = ssh flags S/FSRPAU keep state keep frags
0 @16 pass in quick on xl0 proto tcp from any to any port = ftp-data flags S/FSRPAU keep state keep frags
1 @17 pass in quick on xl0 proto tcp from any to any port = ftp flags S/FSRPAU keep state keep frags
1199 @18 block return-rst in log quick on xl0 proto tcp from any to any
260 @19 block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any
1 @20 block in log quick on xl0 all
112 @21 pass in quick on xl1 proto tcp from any to any keep state
42 @22 pass in quick on xl1 proto udp from any to any keep state
0 @23 pass in quick on xl1 proto icmp from any to any keep state
0 @24 block in quick on xl1 all
0 @25 pass in quick on lo0 all
#

IP forwarding: how do I check this?
My /etc/sysctl.conf has no net.inet.ip.forwarding=1

The default route on node 192.168.1.52 is my BSD PC.

Let me get back to you about telnet from the firewall and the ipmon.

//Jan
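As an added illustration (not code from the thread), the following Python walks the inbound xl0 rules from the ipfstat -iohn listing above the way ipf does: a matching rule without quick only sets the current result, and a later matching quick rule ends evaluation. It assumes rmt, http and ssh resolve to 411, 80 and 22 as in /etc/services, and it shows why the rdr sessions exist yet the connection is rejected: the port-411 pass rule @1 is not quick, so the quick block return-rst rule @18 gets the last word.

```python
import ipaddress
import re

# Constructed subset of the "ipfstat -iohn" inbound xl0 rules quoted in the
# thread: packet counters dropped, and the service names resolved to numbers
# as in /etc/services (rmt = 411, http = 80, ssh = 22; assumption).
RULES = [
    "pass in on xl0 proto tcp/udp from any to 192.168.1.52/32 port = 411 keep state",
    "block in log quick on xl0 from 192.168.0.0/16 to any",
    "pass in quick on xl0 proto tcp from any to any port = 80 flags S/FSRPAU keep state",
    "pass in quick on xl0 proto tcp from any to any port = 22 flags S/FSRPAU keep state",
    "block return-rst in log quick on xl0 proto tcp from any to any",
    "block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any",
    "block in log quick on xl0 all",
]
# Same ruleset with 'quick' on the port-411 pass rule, so the later quick
# block rules can no longer override it.
FIXED = [RULES[0].replace("pass in on", "pass in quick on")] + RULES[1:]

RULE_RE = re.compile(
    r"^(?P<action>pass|block)(?: \S+)*? (?P<dir>in|out)(?: log)?(?P<quick> quick)? on (?P<ifc>\S+)"
    r"(?: proto (?P<proto>\S+))?(?: from (?P<src>\S+) to (?P<dst>\S+)(?: port = (?P<port>\d+))?| all)?"
)

def _in_net(addr, spec):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def decide(rules, direction, ifc, proto, src, dst, dport):
    """ipf semantics: each matching rule replaces the current decision and a
    matching 'quick' rule stops evaluation. Returns (action, 1-based rule no)."""
    decision = (None, None)
    for num, text in enumerate(rules, 1):
        m = RULE_RE.match(text)
        if not m or m["dir"] != direction or m["ifc"] != ifc:
            continue
        if m["proto"] and proto not in m["proto"].split("/"):
            continue
        if m["src"] and not (_in_net(src, m["src"]) and _in_net(dst, m["dst"])):
            continue
        if m["port"] and int(m["port"]) != dport:
            continue
        decision = (m["action"], num)
        if m["quick"]:
            break
    return decision

if __name__ == "__main__":
    # After rdr rewrites the destination, the filter sees a packet to 192.168.1.52:411.
    pkt = ("in", "xl0", "tcp", "217.210.57.236", "192.168.1.52", 411)
    print("as posted:", decide(RULES, *pkt))  # ('block', 5): rule 1 matched, rule 5 was quick
    print("with fix: ", decide(FIXED, *pkt))  # ('pass', 1)
```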

Larry Moore wrote:
Hmm,

No listing of ipf rules. Perhaps output from ipfstat -iohn would be a
start. If ipmon is running is anything being logged?

The obvious check is that ip-forwarding is enabled. If it isn't, then
it ain't going to work irrespective of what is listed from ipnat -l.

If you telnet from the firewall to port 411 at 192.168.1.52, does
that work?
What do you have set up for routing on node 192.168.1.52? Does it have
a default route?

Larry.

----- Original Message -----
From: "Jan Rockstedt" <[EMAIL PROTECTED]>
To: "Jett Tayer" <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Monday, February 27, 2006 3:53 PM
Subject: Re: open port 411 internet to lan pc


Thanks Jett!

It was a typo error in my email.
I already have rdr xl0 0.0.0.0/0 port 411 -> 192.168.1.52 port 411
tcp/udp in ipnat.

Any other suggestion?

//Jan

Jett Tayer wrote:
You must define port 411 in ipnat.conf

rdr xl0 0.0.0.0/0 port 411 -> 192.168.1.52 port 411 tcp/udp



On Sat, 2006-02-25 at 23:02 +0100, Janne Rockstedt wrote:
Hi all!

I want to open port 411 from the internet to a LAN PC.
I think that ipnat is working OK but my fw is blocking.
Any suggestion for the problem?

//Jan

uname = FreeBSD 6.0-RELEASE-p4

# ipnat -l
List of active MAP/Redirect filters:
map xl0 192.168.1.0/24 -> 0.0.0.0/32
rdr xl0 0.0.0.0/0 port 466 -> 192.168.1.52 port 466 tcp/udp

List of active sessions:
RDR 192.168.1.52 411 <- -> 217.210.57.236 411 [84.217.65.221 62373]
RDR 192.168.1.52 411 <- -> 217.210.57.236 411 [213.65.160.198 3351]
RDR 192.168.1.52 411 <- -> 217.210.57.236 411 [80.98.62.116
