From owner-freebsd-questions@FreeBSD.ORG Thu Mar 20 04:06:57 2008 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 02E8F106567B for ; Thu, 20 Mar 2008 04:06:57 +0000 (UTC) (envelope-from ccowart@rescomp.berkeley.edu) Received: from hal.rescomp.berkeley.edu (hal.Rescomp.Berkeley.EDU [169.229.70.150]) by mx1.freebsd.org (Postfix) with ESMTP id D55D78FC27 for ; Thu, 20 Mar 2008 04:06:56 +0000 (UTC) (envelope-from ccowart@rescomp.berkeley.edu) Received: by hal.rescomp.berkeley.edu (Postfix, from userid 1225) id 4D78F3C04C0; Wed, 19 Mar 2008 21:06:56 -0700 (PDT) Date: Wed, 19 Mar 2008 21:06:56 -0700 From: Christopher Cowart To: Robert Huff Message-ID: <20080320040656.GN39509@hal.rescomp.berkeley.edu> Mail-Followup-To: Robert Huff , questions@freebsd.org References: <18401.29043.824662.173177@jerusalem.litteratus.org> <18401.30778.630307.932644@jerusalem.litteratus.org> <18401.31783.343088.197533@jerusalem.litteratus.org> <20080319205600.GJ39509@hal.rescomp.berkeley.edu> <18401.33813.132534.954227@jerusalem.litteratus.org> <20080319231859.GM39509@hal.rescomp.berkeley.edu> <18401.41909.143191.499557@jerusalem.litteratus.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Zbynv6TNPa9FrOf6" Content-Disposition: inline In-Reply-To: <18401.41909.143191.499557@jerusalem.litteratus.org> Organization: RSSP-IT, UC Berkeley User-Agent: Mutt/1.5.16 (2007-06-09) Cc: questions@freebsd.org Subject: Re: (more) confusion configuring NAT X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Mar 2008 04:06:57 -0000 --Zbynv6TNPa9FrOf6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Robert Huff wrote: > Christopher Cowart writes: >> Do you have gateway_enable=3D"YES" in your /etc/rc.conf? >=20 > huff@>> grep gate /etc/rc.conf > gateway_enable=3D"YES" >=20 >> $ sysctl -a net.inet.ip.forwarding=20 >> net.inet.ip.forwarding: 1 >=20 > huff@>> sysctl -a net.inet.ip.forwarding > net.inet.ip.forwarding: 1 >=20 >=20 >> Is the interface mentioned in the nat config the interface with the >> public IP? >=20 > em0 connects to the cable modem. >=20 >> Try putting `$CMD count log ip from any to any' rules to see if traffic >> is matching where you expect it to; >=20 > Where do I find the results of this Typically /var/log/security. Assuming you have IPFIREWALL_VERBOSE in your kernel config. --=20 Chris Cowart Network Technical Lead Network & Infrastructure Services, RSSP-IT UC Berkeley --Zbynv6TNPa9FrOf6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iQIVAwUBR+Hi4CPHEDszU3zYAQKH1A//YhqnABwz76NbagV5NgFDxEtMdXrrvHf2 Z763xdZXmpwOeyzsDue0pQ1XBVLs+SrXZcIBYeqd101gg+47plSlbMcdzlalA5Ie xMGBV+7JQetjcC2LbG8SxJYia2yNqZyIYnYn9Fipjc+CXNBLSezDHc29HdT1/q4M BSGN6sc5HKDoLNvtGzn/MwLRIFrB2Fm6ihxkdCoVqMj4DhCuQUD/HZOhNA19V/WF 9m8vZ4P7T0mHAUBBh9StKjsriFzwpazABVKDj2UZFQ5kpYFExHzGdlqi0T/KFIhR NqG2/+BKWtUdjcGnmdYq9rWaQeGUKVxw2qF74rjlKu0CEXCcxq0mGJI+9a02Oh1a y6kWu62OEczf/Eg/lN1Z31UC7+PELsY+S8Rs4Vdy9rbVgA2adyG48rLYJ9WQklD4 zpK0y6vGOEH8tf+S8Ws5br4yknZ4pnQQqIIAiGhBr3EUqKX1/C6HUjdaI3HMjAK2 mF7ELZhis7xBICv/TQALowCieBVMg1ayxZNP6POP62rGBL/WQvnsWWqZHzjZ9ywb BxqBgmNLHymuqNnfzQUZZr7B9T6bC04Or516Sl6Y+UFdqMoVFYrBhYvSxmG96USc ntDmRXgMbOY3IxES+6w3kZoRFxomC5oLkRH7sthGde/h0++cDqdpycLfw57mRFxz qnQzedCDXT8= =ziZI -----END PGP SIGNATURE----- --Zbynv6TNPa9FrOf6--