From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: Version 1.52
Date: Thu, 16 Sep 2004 03:39:53 -0000
X-Original-Date: Mon, 9 Jun 2003 13:12:53 +0900
Message-ID: <20030609041253.GA976@kt-is.co.kr>

On Sun, Jun 08, 2003 at 10:50:38PM +0200, Rolf wrote:
>
> Hi, keep up the good work guys!
>
> I've just upgraded my gateway to fbsd 5.1 RELEASE #0.
> Then I installed your pf_freebsd_1.52 package, guess what! It works!! BUT!
> I am an xDSL user, and got some problems with NAT through pf when using ppp protocol to connect PPPoE, and have not (yet) had time and effort to lookup this error.
>
> My NAT rule in pf.conf is exactly as posted here: nat on ! ?Int from $Int/24 to any -> $Ext
> where Int=xl1 and Ext=tun0.
>

Thanks for your feedback.
There are two methods on FreeBSD to use xDSL, also known as user mode and kernel mode. It seems that you use userland PPPoE client because your external interface is tun0. Right?
You should first check your xDSL connection without pf. (To narrow down the problem.)
There may be some differences between OpenBSD ppp and FreeBSD ppp configuration.
Currently, FreeBSD pf can't detect address changes accomplished by ppp client software (ppp or mpd). OpenBSD pf knows about that and takes care of it. This is one of the differences between FreeBSD pf and the OpenBSD one.
You should reload your pf rule whenever your external address (tun0) changes. This can be done via the /etc/ppp/ppp.linkup file. See ppp(8) for more details. (This problem can be fixed if we can have write access to FreeBSD kernel sources.)

If you can't NAT with this, please let me know. Please include the following information.
1. FreeBSD/pf version used
2. your kernel configuration if you have customized one
3. your complete pf rule set
4. your network configuration
5. your ppp start up script in /etc/ppp/ppp.linkup

You would get a more stable version if users like you report more problems.
Thank you and good luck.

> This worked great on my former OBSD box, and should have worked on my FBSD too.
>
> I would love to use pf's NAT (RDR works great).
> OH, IPv6 works great for me, that's it so far..
>
> I have not been able or have found the time and effort to test any other functions...
>
> Rolf
>

--
Pyun YongHyeon
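
The reload-on-link-up approach described in the reply above, as an added example that is not part of the original message or of the pf4freebsd port: a script that reloads the ruleset only when the address on tun0 has actually changed. The script path, the state file, and the use of the `MYADDR:` label in ppp.linkup are assumptions.

```sh
#!/bin/sh
# Added example, not from the original message. Hypothetical names: this
# script's path (/usr/local/sbin/pf-relink.sh) and the STATE file.
# Hook it from /etc/ppp/ppp.linkup (see ppp(8)), for example:
#   MYADDR:
#    !bg /usr/local/sbin/pf-relink.sh tun0

STATE="${STATE:-/var/run/pf-relink.addr}"   # last address rules were loaded for
PF_CONF="${PF_CONF:-/etc/pf.conf}"
PFCTL="${PFCTL:-pfctl}"                     # set a full path if not on ppp's PATH

# Print the first IPv4 address in ifconfig(8) output read from stdin.
# Constructed sample line: "inet 203.0.113.7 --> 198.51.100.1 netmask 0xffffffff"
first_inet() {
    awk '$1 == "inet" { print $2; exit }'
}

# Succeed (0) when address $1 differs from the one recorded in $STATE.
addr_changed() {
    [ -n "$1" ] || return 1        # link has no address yet: nothing to do
    [ -r "$STATE" ] || return 0    # first run: always load
    [ "$(cat "$STATE")" != "$1" ]
}

# Reload the ruleset for interface $1 if its address changed.
relink() {
    addr=$(ifconfig "$1" 2>/dev/null | first_inet)
    addr_changed "$addr" || return 0
    # Parse-check first (-n); on failure the state file stays untouched,
    # so the next link-up retries the load.
    "$PFCTL" -n -f "$PF_CONF" || return 1
    "$PFCTL" -f "$PF_CONF" || return 1
    echo "$addr" > "$STATE"
}

if [ $# -ge 1 ]; then
    relink "$1"
fi
```

Keeping the state file under /var/run means it is cleared at boot, so the first link-up after a restart always loads the rules.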