From owner-freebsd-questions@freebsd.org Thu Sep 3 14:41:37 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 994EC9CA9CA for ; Thu, 3 Sep 2015 14:41:37 +0000 (UTC) (envelope-from lobo@bsd.com.br) Received: from mail-qg0-x22a.google.com (mail-qg0-x22a.google.com [IPv6:2607:f8b0:400d:c04::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 55EA5E58 for ; Thu, 3 Sep 2015 14:41:36 +0000 (UTC) (envelope-from lobo@bsd.com.br) Received: by qgt47 with SMTP id 47so29990546qgt.2 for ; Thu, 03 Sep 2015 07:41:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsd.com.br; s=capeta; h=date:from:to:cc:subject:message-id:in-reply-to:references :organization:mime-version:content-type:content-transfer-encoding; bh=SAx7hWF0+Eky+YG9H+YNRT7p3yspRXHCX0geJtFaqhs=; b=dIvouQXsl8qZFIdMF0oWVnTD1otEoOHi8CujrTFJR10cmuxV3k7HTkUs9YaXD9O0b0 yW9pXKrZFd6DDLf8Q+2W2OyVnd0SA5fItR9gZs5D58iFaP7Ili5F3nmflLmrR8sXdAaB wubYJJeVeA3H2QFwL5N8OujjWDdqNzy5cb1uA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:organization:mime-version:content-type :content-transfer-encoding; bh=SAx7hWF0+Eky+YG9H+YNRT7p3yspRXHCX0geJtFaqhs=; b=KKDt3v1jehDM4CmkYnvtESr0r6n3lsU8VBB3yruNykN+um08MEilnfUs4Q+3h68K93 sJbevLS/8JK7DmZG2y8rLBlpBkAOQKMbB5TVwPDZYI7RJ8Hgr9F/ImGIp5r+9yc48dKd +96LWDuxoEBjkxcUlDQm78zQPnIqa0imOOMbw24bo6UnXDin1cGVSPHFMJOUAST+2kVh Z5UfzBo5NcxDOj0X0IJVhStY/85nQnBKZjod89SDW3xPXzHKE6bBgYHFk52l+I69y/r3 KyFjN+ePZdNzp8cal3MpJ65uE4PSPuSH2zuKAh6P2hUzaw+UGFG/KDk5T9Nrp53dy1BU N5pQ== X-Gm-Message-State: ALoCoQlzaNyXjlQlUdhBsNDtmV/N+AVcIcS48j9zn30O3BaEoouFKa6dskZOeunQhNPbGyBTpAfn X-Received: by 10.140.195.81 with SMTP id q78mr70934968qha.49.1441291295812; Thu, 03 Sep 2015 07:41:35 -0700 (PDT) Received: from Papi ([179.181.60.41]) by smtp.gmail.com with ESMTPSA id o4sm14982302qki.43.2015.09.03.07.41.33 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 03 Sep 2015 07:41:35 -0700 (PDT) Date: Thu, 3 Sep 2015 11:46:14 -0300 From: Mario Lobo To: Sergey Grigorian Cc: Mike Tancsa , "freebsd-questions@freebsd.org" Subject: Re: 10.2-RELEASE not forwarding packets/NATing with pf Message-ID: <20150903114614.17c98a13@Papi> In-Reply-To: <5C137CAA56211A448C4F58E75EFB6266C285E5CC@EXCHANGE.lan.theconcept.ru> References: <5C137CAA56211A448C4F58E75EFB6266C285B582@EXCHANGE.lan.theconcept.ru> <55E84B51.7070103@sentex.net> <5C137CAA56211A448C4F58E75EFB6266C285E5CC@EXCHANGE.lan.theconcept.ru> Organization: BSD X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; amd64-portbld-freebsd10.1) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Sep 2015 14:41:37 -0000 On Thu, 3 Sep 2015 14:04:54 +0000 Sergey Grigorian wrote: > > On 9/3/2015 7:49 AM, Sergey Grigorian wrote: > > > > > > And here's /etc/sysctl.conf: > > > > > > net.inet.ip.forwarding=1 > > > > > > Hi, > > This does not work the way it might have in the past. Make > > sure you set gateway_enable="YES" > > in /etc/rc.conf > > otherwise, devd and /etc/rc.d/routing will reset > > net.inet.ip.forwarding to 0 on certain network events. > > > > ---Mike > > Mike, > thanks for your suggestion. > I have gateway_enable="YES" set in /etc/rc.conf > Is there anything else I miss? > > Here's the /etc/rc.conf itself: > defaultrouter=172.16.0.1 > ifconfig_hn0="inet 172.16.0.3 netmask 255.255.255.0" > ifconfig_hn0_alias0="inet 172.16.0.4 netmask 255.255.255.255" > ifconfig_hn1="inet 172.16.1.1 netmask 255.255.255.0" > ifconfig_hn1_alias0="inet 172.16.1.7 netmask 255.255.255.255" > gateway_enable="YES" > pf_enable="YES" > pflog_enable="YES" > sshd_enable="YES" > ntpd_enable="YES" > ntpd_sync_on_start="YES" > cron_enable="YES" > cron_flags="-j 60 -J 60" > syslogd_flags="-ss" > sendmail_enable="NO" > sendmail_submit_enable="NO" > sendmail_outbound_enable="NO" > sendmail_msp_queue_enable="NO" > accounting_enable="YES" > tcp_drop_synfin="YES" > icmp_drop_redirect="YES" > clear_tmp_enable="YES" > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" I know this sounds obvious but do you have device pf device pflog in your kernel? or pf.ko loaded ? -- Mario Lobo http://www.mallavoodoo.com.br FreeBSD since 2.2.8 [not Pro-Audio.... YET!!] "UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things."