Abu Khaled wrote:
On 7/30/05, Giovanni P. Tirloni <[EMAIL PROTECTED]> wrote:

Giovanni P. Tirloni wrote:

Max Laier wrote:


One thing comes to my mind: What does
   $ sysctl net.inet.ip.forwarding
say?


# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

I had some tweaks in /etc/sysctl but disabling them didn't help either.

#net.inet.ip.check_interface=1
#net.inet.tcp.blackhole=2
#net.inet.udp.blackhole=1


 I forgot to mention this box had ipfw+dummynet (with two queues)
activated. I disabled ipfw in the kernel and pf rdr worked again! Just
removing the ipfw rules didn't work.

 Weirdly enough, I don't have dummynet on the other 2 machines that have
the same problem, but ipfw is compiled in there too, though disabled.

 I'll try to disable ipfw on the other boxes and see what happens there
to confirm this.


If ipfw is compiled in the kernel and it defaults to deny all, then
you need to add rules for ipfw to allow connections to and from
localhost (127.0.0.1 and port 3128). Otherwise ipfw will drop the 'pf rdr
traffic'.

# ipfw add allow tcp from $lan_net to 127.0.0.1 3128
# ipfw add allow tcp from 127.0.0.1 3128 to $lan_net

Put the rules before any anti-spoofing rules in ipfw.


I think there's something in the code that makes it not work because I set ipfw to accept by default on every machine I have. There must be something else.

--
Giovanni P. Tirloni / [EMAIL PROTECTED] / PGP: 0xD0315C26
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
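The rule ordering Abu Khaled describes, as an added example that is not from this thread: a small sh script that emits an ipfw rule list with the 127.0.0.1:3128 allow rules numbered below the anti-spoofing denies, checks that ordering, and applies it only where ipfw exists. The interface names, LAN network and rule numbers are assumptions.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumed values:
lan_net="192.168.1.0/24"   # assumed LAN behind the pf/ipfw box
ext_if="fxp1"              # assumed external interface
proxy_port="3128"          # squid port the pf rdr points at (from the thread)

# ipfw evaluates rules by number, lowest first, so the allow rules for the
# redirected proxy traffic must carry lower numbers than the anti-spoofing
# denies. The matching pf rule (old rdr syntax, an assumption) would be:
#   rdr on $int_if inet proto tcp from $lan_net to any port 80 -> 127.0.0.1 port 3128
emit_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 allow tcp from $lan_net to 127.0.0.1 $proxy_port
add 210 allow tcp from 127.0.0.1 $proxy_port to $lan_net
add 300 deny ip from 127.0.0.0/8 to any in via $ext_if
add 310 deny ip from any to 127.0.0.0/8 in via $ext_if
add 320 deny ip from $lan_net to any in via $ext_if
add 65000 allow ip from any to any
EOF
}

# Sanity check before loading: the first allow rule targeting the proxy
# port must have a lower number than the first deny (anti-spoofing) rule.
proxy_before_antispoof() {
    allow_num=$(emit_rules | awk -v p="$proxy_port" '$3=="allow" && $NF==p {print $2; exit}')
    deny_num=$(emit_rules | awk '$3=="deny" {print $2; exit}')
    [ -n "$allow_num" ] && [ -n "$deny_num" ] && [ "$allow_num" -lt "$deny_num" ]
}

# Load the rules with ipfw(8) when it is present; otherwise just print them
# so the script can be reviewed on a machine without ipfw.
apply_rules() {
    proxy_before_antispoof || { echo "proxy allow rules would be shadowed" >&2; return 1; }
    if command -v ipfw >/dev/null 2>&1; then
        emit_rules | while read -r line; do ipfw $line; done
    else
        echo "ipfw not found; printing rules only" >&2
        emit_rules
    fi
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run as `sh script.sh apply` on the firewall; without the argument it only defines the functions.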
