Subject: Re: Problems routing packets...
To: Johnny Billquist <bqt@softjar.se>
From: Rich Neswold <rich.neswold@gmail.com>
List: netbsd-help
Date: 12/30/2007 19:12:29

On Dec 27, 2007 5:57 AM, Johnny Billquist <bqt@softjar.se> wrote:
> But my first thought is if you have enabled forwarding on the machine.
> Can you access any machine on the outside from any machine on the inside?

Thanks for the suggestion. I do have forwarding set and working. (The
NetBSD router box has been working for two years.)

What happened is this:

1) I based my firewall rules on the excellent document found at
http://www.obfuscation.org/ipf/ipf-howto.html  Unfortunately, the list
of illegal addresses to block is out-of-date. The homepage for the Wii
was at 125.xxx.xxx.xxx, which was getting blocked by the rule that
discards packets from 96.0.0.0/3.

2) I thought the "log" flag was inherited by rules further down the
rule list. This isn't true, so the above rule wasn't logging the
blockage.

It was purely operator error. Thanks again for everyone's help!

-- 
Rich

JID: rich@neswold.homeunix.net
AIM: rnezzy
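
An added example, not part of the original post: a small Python check for the two mistakes described above. It lists the block rules whose source prefix covers a given address and flags those that lack their own "log" keyword. The rules, the tun0 interface name and the address 125.0.0.1 are constructed samples; the parser handles only the simple "from <cidr>" form and does not evaluate rule order or "quick".

```python
import ipaddress

# Constructed sample ruleset in ipf.conf syntax; the interface name is an assumption.
SAMPLE_RULES = """\
block in log quick on tun0 from 192.168.0.0/16 to any
block in quick on tun0 from 96.0.0.0/3 to any
block in log quick on tun0 from 10.0.0.0/8 to any
pass in quick on tun0 proto tcp from any to any port = 80 keep state
"""

def parse_rule(line):
    """Parse one rule line into a dict; return None for blanks and comments."""
    text = line.split("#", 1)[0].strip()
    if not text:
        return None
    tokens = text.split()
    # Options such as "log" sit between the action and "from" (or end of rule).
    end = tokens.index("from") if "from" in tokens else len(tokens)
    src = None
    if end + 1 < len(tokens):
        try:
            src = ipaddress.ip_network(tokens[end + 1], strict=False)
        except ValueError:
            src = None  # "any", "!" negation or a hostname: not handled here
    return {"text": text, "action": tokens[0], "log": "log" in tokens[1:end], "src": src}

def matching_blocks(rules_text, addr):
    """List (line_no, logs, rule_text) for block rules whose source covers addr."""
    ip = ipaddress.ip_address(addr)
    hits = []
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        rule = parse_rule(line)
        if rule and rule["action"] == "block" and rule["src"] is not None and ip in rule["src"]:
            hits.append((line_no, rule["log"], rule["text"]))
    return hits

def silent_blocks(rules_text, addr):
    """Block rules that would drop addr without writing a log entry."""
    return [(n, text) for n, logs, text in matching_blocks(rules_text, addr) if not logs]

if __name__ == "__main__":
    # 125.0.0.1 is a constructed address inside the 125.x range from the post.
    for n, text in silent_blocks(SAMPLE_RULES, "125.0.0.1"):
        print(f"line {n}: drops 125.0.0.1 with no log entry: {text}")
```

96.0.0.0/3 spans 96.0.0.0 through 127.255.255.255, which is why an address in 125.x matches the rule on line 2 of the sample.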