Date:      Wed, 18 Oct 2006 21:22:34 +0200
From:      Erik Norgaard <norgaard@locolomo.org>
To:        Martin Turgeon <turgeon.martin@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Routing with external interface doesn't work after a while
Message-ID:  <45367EFA.5060909@locolomo.org>
In-Reply-To: <0J7C00MEQIPLGZE0@VL-MO-MR003.ip.videotron.ca>
References:  <0J7C00MEQIPLGZE0@VL-MO-MR003.ip.videotron.ca>

Martin Turgeon wrote:

> You're right on this, the filtering rules aren't written with the brackets.
> But isn't pf routing the packets to an interface instead of an IP address?

I can't tell you if this affects your setup since I haven't seen the 
ruleset.

You're going to tag, then nat, and then filter the packets. If in any of 
these steps you apply non-dynamic rules, that is, you use $ext_if instead 
of ($ext_if) for the IP address on the external interface, then you're 
likely to have things behave unexpectedly.

Things suddenly stopping working after weeks without problems just sounds 
very much like your firewall setup doesn't follow changes of the 
interface configuration. Without knowing the details of your setup, I 
can't tell you much more.

What also confuses me is that you have tags in your nat rules - you 
might add a tag for later use in filtering, but you also check if a tag 
exists, and I don't know how or where this is set.

Cheers, Erik
-- 
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
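
A check for the `$ext_if` versus `($ext_if)` distinction discussed in the message above, as an added example that is not part of the original e-mail: it scans a pf ruleset for interface names used as addresses without parentheses. The sample ruleset, the interface name `tun0`, the tag name and the function name are all constructed for illustration; the poster's real rules were never shown.

```python
import re

# Constructed sample ruleset; the poster's actual rules never appear in the thread.
SAMPLE_PF_CONF = '''\
ext_if = "tun0"
int_net = "192.168.1.0/24"
nat on $ext_if from $int_net to any tag LAN_NAT -> $ext_if
rdr on $ext_if proto tcp from any to $ext_if port 80 -> 192.168.1.10
nat on $ext_if from $int_net to any -> ($ext_if)
pass in on $ext_if proto tcp from any to ($ext_if) port 22 keep state
pass out on $ext_if from $ext_if to any keep state
'''

MACRO_DEF = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
# An address position follows "from", "to" or "->". "on <if>" only selects
# the interface and is not an address, so it is deliberately not matched.
ADDR_POS = re.compile(r'(?:\bfrom|\bto|->)\s+!?\s*(\(?)(\$?[\w.]+)')


def find_static_interface_addresses(conf_text, interfaces):
    """Return (line_no, token, rule) for every interface used as an address
    without parentheses. pf resolves such a name to the address the interface
    has when the ruleset is loaded; in parentheses the rule follows changes."""
    macros, findings = {}, []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        macro = MACRO_DEF.match(line)
        if macro:                              # e.g. ext_if = "tun0"
            macros[macro.group(1)] = macro.group(2)
            continue
        for paren, token in ADDR_POS.findall(line):
            # Expand $macro to its value; plain tokens are used as they are.
            name = macros.get(token[1:], token) if token.startswith("$") else token
            if name in interfaces and not paren:
                findings.append((line_no, token, line))
    return findings


if __name__ == "__main__":
    # Assumption: the caller supplies the interface names (here just tun0).
    for line_no, token, rule in find_static_interface_addresses(SAMPLE_PF_CONF, {"tun0"}):
        print(f"line {line_no}: {token} is resolved once at load time: {rule}")
```

Brace-enclosed address lists and tables are outside what this check parses.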


