Date: Tue, 14 Oct 2003 13:49:54 -0500 From: Larry Rosenman <ler@lerctr.org> To: DavidB <odyseus00@whatistruth.net>, freebsd-questions@freebsd.org Subject: Re: IPNAT/Slow TCP/Pings fine/4.8-REL Message-ID: <8940000.1066157394@lerlaptop-red.iadfw.net> In-Reply-To: <3F8C4339.5000509@whatistruth.net> References: <10390000.1066022394@lerlaptop.lerctr.org> <20031013140359.5e3ba652.cpressey@catseye.mine.nu> <58210000.1066091152@lerlaptop.lerctr.org> <3F8C4339.5000509@whatistruth.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--==========B82387024E7637211CA9========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline --On Tuesday, October 14, 2003 11:40:57 -0700 DavidB=20 <odyseus00@whatistruth.net> wrote: > Larry Rosenman wrote: > > If you would post this to freebsd-questions you would probably get better > service, since it is most likely a configuration issue. I did post to -questions as well. > > And yes, it is my understanding that IPDIVERT is not needed for IPFILTER > and ipnat. anyone? Yes, I've verified it. > > the rc.conf gateway_enable option and setting the sysctl forwarding > option do the same thing, someone more knowledgeable can answer to that > one. Oh, I just checked it sets the forwarding but not fastforwarding. > So you need either method you choose, both is redundant. Wasn't sure about that. Thanks. > > You are not very descriptive: can ping? ping [ip.num.for.localhost] or > ping [ip.num.for.externalhost] or ping [host.domain.tld] ping local, ping external-ip, ping name.of.external all work. > > apparently do name lookups?? are you getting good results from > nslookup www.abcnews.com or such? host www.lerctr.org works (from a non-auth resolver for it). > > I think there is a top like command line option for ipfilter you can use > to see what ipfilter is doing, but I am not sure if it is helpful with > ipnat. Didn't seem to get it. I did do a ipnat -l and SAW THE TRANSLATION. I also could telnet to the same destination from directly on the fw/router box, and saw the session. :-( > > posting to questions instead, I think is appropriate. Will follow-up there. > > Have a good day, Thanks! > David > > > > > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" > --=20 Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: ler@lerctr.org US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749 --==========B82387024E7637211CA9========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/jEVVrRNGhTxJvdYRAm1OAJ4n/+A+t0iJ71L0KyQ363e4F43Y7wCgkqot Lv/PQbgRl6Zit0tJ5N+rU1I= =em8F -----END PGP SIGNATURE----- --==========B82387024E7637211CA9==========--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8940000.1066157394>