From: Larry Rosenman
To: DavidB, freebsd-questions@freebsd.org
Date: Tue, 14 Oct 2003 13:49:54 -0500
Subject: Re: IPNAT/Slow TCP/Pings fine/4.8-REL

--On Tuesday, October 14, 2003 11:40:57 -0700 DavidB wrote:

> Larry Rosenman wrote:
>
> If you would post this to freebsd-questions you would probably get better
> service, since it is most likely a configuration issue.

I did post to -questions as well.

>
> And yes, it is my understanding that IPDIVERT is not needed for IPFILTER
> and ipnat. anyone?

Yes, I've verified it.

>
> the rc.conf gateway_enable option and setting the sysctl forwarding
> option do the same thing, someone more knowledgeable can answer to that
> one. Oh, I just checked it sets the forwarding but not fastforwarding.
> So you need either method you choose, both is redundant.

Wasn't sure about that. Thanks.

>
> You are not very descriptive: can ping? ping [ip.num.for.localhost] or
> ping [ip.num.for.externalhost] or ping [host.domain.tld]

ping local, ping external-ip, ping name.of.external all work.

>
> apparently do name lookups?? are you getting good results from
> nslookup www.abcnews.com or such?

host www.lerctr.org works (from a non-auth resolver for it).

>
> I think there is a top like command line option for ipfilter you can use
> to see what ipfilter is doing, but I am not sure if it is helpful with
> ipnat.

Didn't seem to get it.

I did do a ipnat -l and SAW THE TRANSLATION. I also could telnet to the
same destination from directly on the fw/router box, and saw the session. :-(

>
> posting to questions instead, I think is appropriate.

Will follow-up there.

>
> Have a good day,

Thanks!

> David

-- 
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749