Changes to ipfw in 8.1

2010-07-21 Thread Spil Oss
Hi, Testing FreeBSD 8.1 I noticed that I seem to have routing or nat or firewall issues. (csupped RELENG_8_1 which was -RELEASE not -RC last night?) - 8.1 booted fine - connections from the system itself were fine - connections from my jails to the internet were not working - connections from my L

Re: Changes to ipfw in 8.1

2010-07-21 Thread Spil Oss
o any out via $pif > > accordingly. > > -- > > Best Regards, > > Nasonov Sergey On Wed, Jul 21, 2010 at 11:40 AM, Spil Oss wrote: > Hi, > > Testing FreeBSD 8.1 I noticed that I seem to have routing or nat or > firewall issues. (csupped RELENG_8_1 which was -RELE

Re: Changes to ipfw in 8.1

2010-07-21 Thread Spil Oss
Hi Sergey, I'm dumbstruck! Switching 'ip' to 'ip4' in both the divert rules fixed my problem. Personally I think that should go into the UPDATING file as well. I wouldn't have found it if you hadn't told me! Many thanks, Spil. On Wed, Jul 21, 2010 at 9:

Re: Changes to ipfw in 8.1

2010-07-22 Thread Spil Oss
filed PR http://www.freebsd.org/cgi/query-pr.cgi?pr=148827 > you say your ruleset is based on '30.6.5.7 An Example NAT and Stateful > Ruleset', so I'm assuming it's broadly based on example #2 there. > >  > On Wed, Jul 21, 2010 at 9:08 PM, Spil Oss wrote: >  &g

Re: Changes to ipfw in 8.1

2010-07-22 Thread Spil Oss
Correction ipfw delete 500 ipfw add 500 divert natd ip4 from any to any out via $pif NATting works again

Re: kern/148827: [ipfw] divert broken with in-kernel ipfw

2010-07-22 Thread Spil Oss
The following reply was made to PR kern/148827; it has been noted by GNATS. From: Spil Oss To: bug-follo...@freebsd.org Cc: Subject: Re: kern/148827: [ipfw] divert broken with in-kernel ipfw Date: Thu, 22 Jul 2010 20:30:31 +0200 It is only the outbound divert rule that needs to be changed

Problems with ipfw/natd and axe(4)

2013-04-13 Thread Spil Oss
Hi All, I can't use ipfw with natd with my ASIX AX88772B USB NIC ipfw ruleset (slightly modified /etc/rc.firewall simple ruleset) 00010 allow ip from any to me dst-port 22 recv ue0 00010 allow tcp from me 22 to any xmit ue0 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.

Re: Problems with ipfw/natd and axe(4)

2013-04-14 Thread Spil Oss
g (show us your natd > config) that is permissive, then gradually add protection. natd by > itself is stateful, and will probably provide all you need. > > - M > > On Sat, Apr 13, 2013 at 6:34 AM, Spil Oss wrote: > > Hi All, > > > > I can't use ipfw with na

Re: Problems with ipfw/natd and axe(4)

2013-04-14 Thread Spil Oss
nal NIC to. Thanks! Spil. On Sun, Apr 14, 2013 at 7:26 PM, Ian Smith wrote: > On Sat, 13 Apr 2013 15:34:39 +0200, Spil Oss wrote: > > Hi All, > > > > I can't use ipfw with natd with my ASIX AX88772B USB NIC > > > > ipfw ruleset (slightly modified

Re: Problems with ipfw/natd and axe(4)

2013-04-15 Thread Spil Oss
Hi all, Network dumps as promised On 172.17.2.1: tcpdump -p -i bridge0 -s 0 -w ssh-fail.pcap host not 172.17.2.167 From 172.17.2.1 I ran telnet 172.17.2.111/157 22 In Wireshark I trimmed the capture a bit further with expression 'not stp and not http' Initial setup (ue0 ext, re

Re: Problems with ipfw/natd and axe(4)

2013-04-16 Thread Spil Oss
I tried with pf as well and it behaves the same. Kind regards, Spil. On Mon, Apr 15, 2013 at 9:04 PM, Spil Oss wrote: > Hi all, > > Network dumps as promised > On 172.17.2.1: > tcpdump -p -i bridge0 -s 0 -w ssh-fail.pcap host not 172.17.2.167 > From 172.17.2.1 I

Re: Problems with ipfw/natd and axe(4)

2013-05-09 Thread Spil Oss
wrote: > On Tue, 16 Apr 2013 20:52:05 +0200, Spil Oss wrote: > > Hi all, > > > > If I disable checksum offloading on the NIC I do the tcpdump on, then I > > assume that the checksum-check will provide accurate results? > > It certainly should. > > >

Re: Problems with ipfw/natd and axe(4)

2013-05-10 Thread Spil Oss
Hi, There seems to be quite a bit of overhaul on the firewall code, pf and ipfw have been moved to sys/netpfil? Can there be some regressions in there that I hit? Just upgraded to r250404 but that does not help. Should I file a PR? Kind regards, Spil. On Thu, May 9, 2013 at 10:56 AM, Spil Oss

Re: Problems with ipfw/natd and axe(4)

2013-05-22 Thread Spil Oss
400, Gleb Smirnoff wrote: >> Spil, >> >> On Fri, May 10, 2013 at 09:06:35AM +0200, Spil Oss wrote: >> S> There seems to be quite a bit of overhaul on the firewall code, pf and >> S> ipfw have been moved to sys/netpfil? Can there be some regressions in >> S&