On Mon, Sep 22, 2008 at 06:11:35PM +0400, Roman Kurakin wrote:
> Pawel Jakub Dawidek wrote:
> >On Mon, Sep 22, 2008 at 05:31:08PM +0400, Roman Kurakin wrote:
> >
> >>So, could you draw your connections and related firewall rules. And the
> >>one you are trying to setup. I will also try to update the machine to
> >>the most recent 7 to see if my setup will stop working. Currently
> >>machine runs early September checkout.
> >>
> >
> >client (10.0.1.1) -----> bridge (10.0.5.123) -----> server (10.0.0.2)
> >
> >ifnet = "bridge0"
> >rdr on $ifnet proto tcp from any to any port 12345 -> 10.0.5.123 port 12345
> >rdr on $ifnet proto udp from any to any port 12345 -> 10.0.5.123 port 12345
> >
> Try also to play with stateful switches for pf. [...]

Adding the following made even UDP non-working:

	pass in on $ifnet proto udp from any to any keep state

For TCP there was no difference.

> [...] By the way do you have any global that affects defaults?

Besides net.inet.ip.forwarding=1, no, although I tried various settings
for net.link.bridge.*.

> >Although it works even with bridge0 and TCP connections, but when bridge
> >machine is treated as gateway, eg.
> >
> >server# nc -l 12345
> >client# route add 1.0.0.0/24 10.0.5.123
> >client# nc 10.0.0.2 12345
> >
> And what about ipfw variant?

For the first (bridge) case ipfw didn't work at all. No packets were
redirected. I haven't tried for the gateway case, because pf works
there.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
[EMAIL PROTECTED]                         http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!