On Wed, Oct 7, 2015, at 09:43, Dr. Rolf Jansen wrote:
> 
> 
> You definitely need net.inet.ip.fw.one_pass=0 for stateful IPFW+NAT for
> the IPv4 traffic. IPv6 does not pass NAT anyway and is not affected.
> 
> I assume that you have gateway_enable="YES" and
> ipv6_gateway_enable="YES" in your /etc/rc.conf — sometimes this gets
> forgotten.
> 
> Best regards
> 
> Rolf
> 

Yes, I do have those. My firewall has been fully functioning in pf for
years, but options for QoS in FreeBSD are poor. OpenBSD's QoS in their
newer pf is great. I've heard enough about dummynet to want to try it
out, but getting the most basic configuration working so I can convert
the rest of my firewall ruleset has been rather painful so far.  It
seems I've been missing this rather important sysctl setting because the
traffic hasn't been flowing through my ruleset the way I expected it to.

Thanks for your input!

-- 
  Mark Felder
  ports-secteam member
  f...@freebsd.org
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
