ipfilter, ipnat, and if driver ath: what's just changed?
dacoder
dc at dcoder.net
Sun Mar 1 10:43:27 PST 2009
updating my system friday from the feb 7 version of 7.1 to the latest broke
tcp and udp (but *not* icmp) over ipnat, which had worked forever with my
current ipfilter rules and ipnat mapping rules, which are pretty simple.
what has changed?
/etc/ipnat.rules:

    map age0 10.0.0.0/24 -> <external ip>/32

@ the top of /etc/ipf.rules:

    pass out quick on age0 proto tcp/udp from any to any keep state keep frags
    pass out quick on age0 proto icmp from any to any keep state keep frags

that used to work. now it doesn't, witness ipmon:

    01/03/2009 13:07:46.274707 age0 @0:28 b 74.125.93.102,80 -> 10.0.0.253,2914 PR tcp len 20 48 -AS IN NAT
what's changed? ipf? ipnat? age? am i using an obsolete & therefore
unworkable set of ipfilter rules? icmp still works, btw.
i'd be grateful for any help.
thx.
david coder
network engineer emeritus
ntt/verio
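
An added example, not part of the original post: a small Python parser that decodes the ipmon line quoted above into its fields (rule group and number, action, endpoints, TCP flags, direction), following the field order documented in ipmon(8). The names `parse_ipmon` and `is_blocked_reply` are made up for this illustration, and the sample is the post's log line rejoined onto one line.

```python
import re

# Constructed sample: the ipmon line from the post, rejoined onto one line.
SAMPLE = ("01/03/2009 13:07:46.274707 age0 @0:28 b 74.125.93.102,80 -> "
          "10.0.0.253,2914 PR tcp len 20 48 -AS IN NAT")

# Action letters and TCP flag letters as printed by ipmon.
ACTIONS = {"p": "passed", "b": "blocked", "S": "short packet",
           "n": "no rule matched", "L": "log rule"}
TCP_FLAGS = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST",
             "P": "PSH", "U": "URG"}

LINE_RE = re.compile(
    r"(?P<date>\S+) (?P<time>\S+) (?P<ifname>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<src>[^,\s]+)(?:,(?P<sport>\S+))? -> "
    r"(?P<dst>[^,\s]+)(?:,(?P<dport>\S+))? "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?P<rest>.*)$")


def parse_ipmon(line):
    """Split one ipmon packet log line into a dict of named fields."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not an ipmon packet log line")
    rec = m.groupdict()
    rec["action"] = ACTIONS.get(rec["action"], rec["action"])
    rec["flags"], rec["direction"], rec["notes"] = [], None, []
    for tok in rec.pop("rest").split():
        if tok.startswith("-") and rec["proto"] == "tcp":
            # "-AS" means the ACK and SYN bits were set on the packet.
            rec["flags"] = [TCP_FLAGS.get(c, c) for c in tok[1:]]
        elif tok in ("IN", "OUT"):
            rec["direction"] = tok
        else:
            # Trailing markers such as "NAT" are kept verbatim.
            rec["notes"].append(tok)
    return rec


def is_blocked_reply(rec):
    """True for a blocked inbound SYN+ACK, i.e. a dropped handshake reply."""
    return (rec["action"] == "blocked" and rec["direction"] == "IN"
            and set(rec["flags"]) == {"SYN", "ACK"})


if __name__ == "__main__":
    rec = parse_ipmon(SAMPLE)
    print(rec)
    print("blocked handshake reply:", is_blocked_reply(rec))
```

Run on the quoted line, it reports a SYN+ACK from 74.125.93.102 port 80 to 10.0.0.253 port 2914, blocked inbound on age0 by rule 28 of group 0.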