From: DavidB
Date: Tue, 14 Oct 2003 11:40:57 -0700
To: freebsd-stable@freebsd.org
Subject: Re: IPNAT/Slow TCP/Pings fine/4.8-REL

Larry Rosenman wrote:

> --On Monday, October 13, 2003 14:03:59 -0700 Chris Pressey wrote:
>
>> On Mon, 13 Oct 2003 00:19:54 -0500
>> Larry Rosenman wrote:
>>
>>> I was trying(!) to help a friend out, and built a 4.8-REL box
>>> to play Router/NAT and it's ALMOST working. I can't seem to telnet/surf
>>> from NAT'd addresses, but PING works fine.
>>> [...]
>>> What am I missing? What else do you/I need?
>
> This was with the ipfilter ipnat. I tried ipfw, and had the IPDIVERT
> and the same symptoms.
>
> What's got me is the fact that I can PING, and apparently do DNS
> lookups, but TCP just doesn't. :-(
>
> LER
>
>>>
>>> Thanks for any QUICK replies!
>>
>> "options IPDIVERT" in your kernel config...?
>>
>> -Chris

If you would post this to freebsd-questions you would probably get better service, since it is most likely a configuration issue.

And yes, it is my understanding that IPDIVERT is not needed for IPFILTER and ipnat. Anyone?

The rc.conf gateway_enable option and setting the sysctl forwarding option do the same thing; someone more knowledgeable can answer to that one. Oh, I just checked: it sets the forwarding but not fastforwarding. So you need either method you choose; both is redundant.

You are not very descriptive:

can ping?
ping [ip.num.for.localhost] or
ping [ip.num.for.externalhost] or
ping [host.domain.tld]

apparently do name lookups??
Are you getting good results from
nslookup www.abcnews.com
or such?

I think there is a top-like command line option for ipfilter you can use to see what ipfilter is doing, but I am not sure if it is helpful with ipnat.

Posting to questions instead, I think, is appropriate.

Have a good day,
David