Date: Sat, 05 Jun 1999 13:34:48 GMT
From: flec@flec.co.uk (Steven Fletcher)
To: "Bret A. Ford" <bford@uop.cs.uop.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: NATD difficulties
Message-ID: <3759263c.45305965@smtp.shellnet.co.uk>
In-Reply-To: <199906050725.AAA00433@uop.cs.uop.edu>
References: <199906050725.AAA00433@uop.cs.uop.edu>
On Sat, 5 Jun 1999 00:25:22 -0700 (PDT), you wrote:

>00100 divert 8668 ip from any to any via ed0

Try snipping that ed0 for now.

>With that, I get "ping: sendto: Permission denied" when pinging by IP address,
>and messages like "ping: cannot resolve ftp.cdrom.com: Host name lookup failure"

Add the following to your kernel:

IPFIREWALL_DEFAULT_TO_ACCEPT

As your packets are probably just being allowed on rule 65000 but denied on rule 65535.

(Alternatively, run:

sysctl -w net.inet.ip.fw.one_pass=1

To get packets passed only once through the firewall rules.)

Also, just double-check that net.inet.ip.forwarding is 1 as well.