From: "Stephane Raimbault"
To: dionch@freemail.gr, freebsd-pf@freebsd.org
Date: Tue, 25 Jan 2005 13:03:58 -0700
Subject: Re: route-to rule.

Hi Chris,

Thanks for all your help btw :)

Okay, so I have my vpn routes and default routes set up already.... so I tried the config earlier today without the tun interfaces you suggested yesterday... and sure enough, once I put that in, I couldn't do dns lookups... I hadn't noticed it this morning cuz I only looked up already cached dns queries.

So something in this configuration is stopping dns (possibly udp?) packets? The pf box seems to respond from the wan interfaces just fine and people are able to surf to sites previously cached in dns.

This has become a bit of a head scratcher.

Also, pinging the 10.1.0.0/24 and 10.0.0.0/26 LANs stops once I put in the configuration you suggested, or even with the tun interfaces in the configuration it stops pinging. So somewhere we are going awry.

Any thoughts?

Thanks,
Stephane.

>From: "Chris Dionissopoulos"
>Reply-To: "Chris Dionissopoulos"
>To: "Stephane Raimbault" ,
>Subject: Re: route-to rule.
>Date: Tue, 25 Jan 2005 20:43:09 +0200
>
>Hi,
>
>For vpn problem:
>Is routing already set in both sides?
>
>pf-box:
>route add 10.0.0.0/26
>
>Other vpn end:
>route add 10.0.1.0/24
>
>
>For DNS problem:
>You have to decide which gateway pf-box will use
>as default for own connections (default gateway is missing).
>route add default | maybe solves it.
>
>Chris.
>
>
>
>----- Original Message ----- From: "Stephane Raimbault"
>To: ;
>Sent: Tuesday, January 25, 2005 8:17 PM
>Subject: Re: route-to rule.
>
>
>>Well this is odd.. I gave this a try... and the tun interface wasn't able
>>to pass traffic between the 2 lan's
>>
>>10.0.0.0/26 is the remote lan, and 10.1.0.0/24 is the local lan.
>>
>>and dns stopped working for the local lan... I have a caching dns server
>>configured on the pf box, and even that couldn't resolve anything despite
>>still having good network connections to the 2 wan's
>>
>>Any idea what's missing?
>>
>>Thanks,
>>sTephane.
>>