
Re: Trying to use kFreeBSD as a firewall, but it won't forward packets



Hi!

Rich Wales wrote:
> I can connect between my LAN and the firewall (via its LAN interface) --
> and I can reach the Internet from the firewall (via its WAN interface)

So, the kFreeBSD box has a correct default route out to the Internet?
# route get -n 0.0.0.0

> -- but I can't manage to go *through* the firewall from my LAN to the
> Internet (I've set up another box to use the kFreeBSD firewall as its
> gateway, but packets are simply being dropped).

The LAN interface will need to have an appropriate IP address and
netmask assigned on it, and the interface must be 'UP' of course.

Does the kFreeBSD box have a correct route to the source?
# route get -n 192.168.1.2
(or whatever is the IP of that other box)

> I have *net.inet.ip.forwarding* enabled,

That's required, yes.

> I'm using a minimal PF
> configuration that does NAT and passes everything in and out on both
> network interfaces.

Please check if the ruleset is correctly loaded and enabled, e.g. with
# pfctl -ef /etc/pf.conf

It may be useful to check the output from
# pfctl -vsa

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
