Date: Thu, 22 Apr 2004 10:02:11 -0400 From: "Chiang Seng Chang" <cs@ctzen.com> To: "Vince Hoffman" <jhary@unsane.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re: iptables to ipfw Message-ID: <008a01c42872$684dd2d0$2804320a@cchang> References: <20040420204553.GA3225@europa.ctzen.com> <20040421102544.E22773@unsane.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks, everything is working now. It turns out that openvpn configures tun0 with too small a MTU which causes the "black hole router" effect (i think). Problems occured like able to net use samba share but unable to list files, etc. Once the MTU was upped, all seems to work now. -cs > > On Tue, 20 Apr 2004, Chiang Seng Chang wrote: > > > hi, > > > > anyone knows what is the equivalent of these in ipfw ? > > > > iptables -t nat -A POSTROUTING -s 10.1.0.2/32 -o eth0 -j MASQUERADE > > iptables -t nat -A POSTROUTING -s 10.50.4.0/22 -o eth0 -j MASQUERADE > > > > it's for openvpn using tun0. > > > > i have setup natd using: > > > > ipfw add divert natd all from any to any via dc0 > > > > and it is working. > > > > but i would like to be more specific so that i am not nat'ing unnecessary. > > > > tried without success: > > > > ipfw add divert natd all from 10.1.0.1/32 to any via dc0 > > ipfw add divert natd all from 10.50.4.0/22 to any via dc0 > > > try > (from natd man page) > > -unregistered_only | -u > Only alter outgoing packets with an unregistered source > address. According to RFC 1918, unregistered source > addresses are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. > > > as an extra flag to natd > > > > thanks and regards. > > > > -cs > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?008a01c42872$684dd2d0$2804320a>