Re: FreeBSD as Server



I think that ipfw is native to FreeBSD - it works better than other packet filters. Am I right?
With ng_nat, the first trouble was in a parameter of mpd - there is "set bundle enable compression". The second trouble is the following:
in the example I got the following lines:
ipfw add 300 netgraph.... any to any....
ipfw add 400 netgraph.... any to any.....


Into the netgraph hook "out" I send only traffic from clients (in the example it was all traffic). Into the hook "in" I send all traffic from the external interface.
But I got a problem with the network on the server.
ping works fine
mtr doesn't work
telnet <any host> <any port> doesn't work. But why?
When traffic that is not to be NATed in ng_nat is sent into hook "in" - it must simply come out of it? Or not? Where is the trouble?


Brian Candler wrote:

On Fri, Jan 13, 2006 at 03:50:00PM +0200, Alexander wrote:


Now I am trying to configure ng_nat. I use the example from man ng_nat. Client machines can ping inet hosts, but nothing is loaded by http or ftp or any other tcp protocol. On the server, packets are NATed with a non-real IP. On another server under Linux these packets are NATed again with a real IP. What can I do about this?



Probably easier to use one of the other firewalling techniques to do NAT rather than manually configure ng_nat.

Your other options are:
- ipfw + natd (old and venerable)
- ipf
- pf

My personal favourite is pf (which came from OpenBSD). Configuring NAT is
just one line in /etc/pf.conf.

Regards,

Brian.
_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"





