From owner-freebsd-questions@freebsd.org Thu Sep 3 14:05:57 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 73E319C9876 for ; Thu, 3 Sep 2015 14:05:57 +0000 (UTC) (envelope-from grigorian@theconcept.ru) Received: from mail.theconcept.ru (mail.theconcept.ru [62.141.91.163]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mail.theconcept.ru", Issuer "Concept Issuing CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id F2ED31935 for ; Thu, 3 Sep 2015 14:05:56 +0000 (UTC) (envelope-from grigorian@theconcept.ru) From: Sergey Grigorian To: Mike Tancsa , "freebsd-questions@freebsd.org" Subject: RE: 10.2-RELEASE not forwarding packets/NATing with pf Thread-Topic: 10.2-RELEASE not forwarding packets/NATing with pf Thread-Index: AdDmPpAd8dAIyZkgTd2lE3h5r9y0Ev//6dCAgAA7QM4= Date: Thu, 3 Sep 2015 14:04:54 +0000 Message-ID: <5C137CAA56211A448C4F58E75EFB6266C285E5CC@EXCHANGE.lan.theconcept.ru> References: <5C137CAA56211A448C4F58E75EFB6266C285B582@EXCHANGE.lan.theconcept.ru>, <55E84B51.7070103@sentex.net> In-Reply-To: <55E84B51.7070103@sentex.net> Accept-Language: en-US, ru-RU Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-KSE-AntiSpam-Interceptor-Info: internally-submitted e-mail X-KSE-ServerInfo: GATEWAY.lan.theconcept.ru, 9 X-KSE-Antivirus-Interceptor-Info: scan successful X-KSE-Antivirus-Info: Clean X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Sep 2015 14:05:57 -0000 > On 9/3/2015 7:49 AM, Sergey Grigorian wrote: > > > > And here's /etc/sysctl.conf: > > > > net.inet.ip.forwarding=3D1 > > > Hi, > This does not work the way it might have in the past. Make sure y= ou set > gateway_enable=3D"YES" > in /etc/rc.conf > otherwise, devd and /etc/rc.d/routing will reset net.inet.ip.forwarding > to 0 on certain network events. >=20 > ---Mike Mike, thanks for your suggestion. I have gateway_enable=3D"YES" set in /etc/rc.conf Is there anything else I miss? Here's the /etc/rc.conf itself: defaultrouter=3D172.16.0.1 ifconfig_hn0=3D"inet 172.16.0.3 netmask 255.255.255.0" ifconfig_hn0_alias0=3D"inet 172.16.0.4 netmask 255.255.255.255"=20 ifconfig_hn1=3D"inet 172.16.1.1 netmask 255.255.255.0" ifconfig_hn1_alias0=3D"inet 172.16.1.7 netmask 255.255.255.255"=20 gateway_enable=3D"YES" pf_enable=3D"YES" pflog_enable=3D"YES" sshd_enable=3D"YES" ntpd_enable=3D"YES" ntpd_sync_on_start=3D"YES" cron_enable=3D"YES" cron_flags=3D"-j 60 -J 60" syslogd_flags=3D"-ss" sendmail_enable=3D"NO" sendmail_submit_enable=3D"NO" sendmail_outbound_enable=3D"NO" sendmail_msp_queue_enable=3D"NO" accounting_enable=3D"YES" tcp_drop_synfin=3D"YES" icmp_drop_redirect=3D"YES" clear_tmp_enable=3D"YES"=