From: "Chiang Seng Chang"
To: "Vince Hoffman"
Cc: freebsd-questions@freebsd.org
Date: Thu, 22 Apr 2004 10:02:11 -0400
Subject: Re: iptables to ipfw

Thanks, everything is working now.

It turns out that openvpn configures tun0 with too small a MTU which causes the "black hole router" effect (i think). Problems occurred like able to net use samba share but unable to list files, etc.

Once the MTU was upped, all seems to work now.

-cs

>
> On Tue, 20 Apr 2004, Chiang Seng Chang wrote:
>
> > hi,
> >
> > anyone knows what is the equivalent of these in ipfw ?
> >
> > iptables -t nat -A POSTROUTING -s 10.1.0.2/32 -o eth0 -j MASQUERADE
> > iptables -t nat -A POSTROUTING -s 10.50.4.0/22 -o eth0 -j MASQUERADE
> >
> > it's for openvpn using tun0.
> >
> > i have setup natd using:
> >
> > ipfw add divert natd all from any to any via dc0
> >
> > and it is working.
> >
> > but i would like to be more specific so that i am not nat'ing unnecessary.
> >
> > tried without success:
> >
> > ipfw add divert natd all from 10.1.0.1/32 to any via dc0
> > ipfw add divert natd all from 10.50.4.0/22 to any via dc0
> >
> try
> (from natd man page)
>
>      -unregistered_only | -u
>              Only alter outgoing packets with an unregistered source
>              address. According to RFC 1918, unregistered source
>              addresses are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
>
> as an extra flag to natd
>
> > thanks and regards.
> >
> > -cs