From: Erik Norgaard
Date: Wed, 18 Oct 2006 16:30:02 +0200
To: Martin Turgeon
Cc: freebsd-bugs@freebsd.org, freebsd-questions@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: Routing with external interface doesn't work after a while

Martin Turgeon wrote:
> I've been reading the mailing list for a while, but it's my first post. I'm
> not sure what is causing the problem so I'm posting to multiple lists. I'm
> running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM.
> It looks like after a while (a couple of weeks) the routing isn't working
> anymore, but only with the external interface (the one connected to my cable
> modem from Videotron in Montreal). The box is acting as the gateway of the
> network with PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem
> also occurred on FreeBSD 6.0 on another box.

Is your external ip configured with dhcp?

I would guess this is because your ip on the external interface changes.
Your NAT rules will still go to the old ip and hence nowhere. If reloading
your pf ruleset solves the problem, then this is a strong indication.

There is some trick to handle that, IIRC something like this would do:

  ext_if=fxp0 # external interface
  nat on $ext_if from to ! -> ($ext_if)

The () means that pf will look up the ip on that interface, and update
dynamically when the ip changes.

Well, that's how I remember it, I couldn't find where I've seen it, but
there is a trick like this.

Cheers, Erik

--
Ph: +34.666334818 web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
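
Added example, not part of Erik's message or of pf itself: a shell check for the failure mode described above, reading `pfctl -sn` output and reporting NAT rules on the external interface whose translation address is a literal IP that no longer matches the interface. The function names are hypothetical, and the sample rules and addresses are constructed (documentation ranges).

```sh
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# Print the first IPv4 address currently configured on interface $1.
current_ip() {
    ifconfig "$1" | awk '$1 == "inet" { print $2; exit }'
}

# Read `pfctl -sn` output on stdin. For every nat rule on interface $1 whose
# translation target is a literal IPv4 address other than $2, print that
# stale address. Targets written as (ifname) are tracked by pf and skipped.
stale_nat_targets() {
    awk -v ifn="$1" -v ip="$2" '
        $1 == "nat" && $2 == "on" && $3 == ifn {
            for (i = 4; i < NF; i++) if ($i == "->") break
            if (i >= NF) next                 # no translation target on this line
            target = $(i + 1)
            if (target ~ /^\(/) next          # dynamic form, follows the interface
            if (target ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && target != ip)
                print target
        }'
}

# Constructed sample of loaded NAT rules: one fixed at load time, one dynamic,
# and one on a different interface.
SAMPLE_RULES='nat on fxp0 inet from 192.168.1.0/24 to any -> 198.51.100.23
nat on fxp0 inet from 192.168.2.0/24 to any -> (fxp0) round-robin
nat on tun0 inet from 192.168.1.0/24 to any -> 10.8.0.1'

# On a live gateway, run as root with the external interface name as argument.
if [ "$#" -eq 1 ]; then
    pfctl -sn | stale_nat_targets "$1" "$(current_ip "$1")"
fi
```

Any address printed after a DHCP lease change is a rule still translating to the old address, which matches the symptom where reloading the ruleset restores routing.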