[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfilter
Subject: Re: config MYKERN unknown option "IPFILTER_LKM"
From: Len Conrad <lconrad () Go2France ! com>
Date: 2000-10-29 18:41:32
[Download RAW message or body]
Sorry, I meant to send along the routing table, too:
Destination Gateway Flags Netif Expire
default 212.73.210.241 UGSc 3 477 xl0
127.0.0.1 127.0.0.1 UH 0 0 lo0
192.168.10 link#1 UC 0 0 oltr0 =>
192.168.10.1 0.0.83.42.40.2f UHLW 0 120 lo0
212.73.210.240/30 link#2 UC 0 0 xl0 =>
212.73.210.241 0:50:73:76:42:81 UHLW 4 105 xl0 304
212.73.210.242 0:1:2:b2:ad:a5 UHLW 0 120 lo0
==================================================
FreeBSD 4.1-R and ipfilter 3.4.13, with ifilter as module.
(We had good success with a couple of FreeBSD 3.1 and 3.4 with
earlier ipf 3.3 and 3.4 in the kernal and really weren't expecting
any trouble now, but....)
# kldstat
Id Refs Address Size Name
1 2 0xc0100000 2335c4 kernel
2 1 0xc0ae8000 15000 ipf.ko
We are just trying to get a simple ipnat running with this rule (no
ipfilter,yet):
map oltr0 192.168.10.0/24 -> 212.73.210.242/32 portmap tcp/udp 40000:65000
map oltr0 192.168.10.0/24 -> 212.73.210.242/32
# ipnat -l
List of active MAP/Redirect filters:
map oltr0 192.168.10.0/24 -> 212.73.210.242/32 portmap tcp/udp 40000:65000
map oltr0 192.168.10.0/24 -> 212.73.210.242/32
List of active sessions:
Telnetting to the ipf machine, we try to ping from the inside i/f
192.168.10.1 to the outside of next-hop router i/f:
ping -S 192.168.10.1 212.73.210.22
... works, but we cannot get an active NAT session showing. stumped.
ping -S 192.168.10.1 212.73.210.69 (a bit futher upstream)
fails, however ping from the ipnat's outside i/f
ping -S 212.73.210.242 212.73.210.69
... works fine
Ideas?
tia,
Len
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic