From owner-freebsd-questions@FreeBSD.ORG  Wed Oct 18 19:24:06 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0320A16A407
	for <freebsd-questions@freebsd.org>;
	Wed, 18 Oct 2006 19:24:06 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from strange.daemonsecurity.com
	(59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 536AF43D78
	for <freebsd-questions@freebsd.org>;
	Wed, 18 Oct 2006 19:24:04 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [10.35.4.65] (65.4-35-10-static.chueca.wifi [10.35.4.65])
	by strange.daemonsecurity.com (Postfix) with ESMTP id 9D5102E024;
	Wed, 18 Oct 2006 21:24:03 +0200 (CEST)
Message-ID: <45367EFA.5060909@locolomo.org>
Date: Wed, 18 Oct 2006 21:22:34 +0200
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Thunderbird 1.5.0.7 (X11/20060916)
MIME-Version: 1.0
To: Martin Turgeon <turgeon.martin@gmail.com>
References: <0J7C00MEQIPLGZE0@VL-MO-MR003.ip.videotron.ca>
In-Reply-To: <0J7C00MEQIPLGZE0@VL-MO-MR003.ip.videotron.ca>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Routing with external interface doesn't work after a while
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Oct 2006 19:24:06 -0000

Martin Turgeon wrote:

> You're right on this, the filtering rules aren't written with the brackets.
> But isn't pf routing the packets to an interface instead of an IP address.

I can't tell you if this affects your setup since I have't seen the 
ruleset.

You're going to tag then nat and then filter the packets. If any of 
these steps you apply non-dynamic rules, that is you use $ext_if instead 
of ($ext_if) for the ip address on the external interface, then you're 
likely to have things behave unexpectedly.

Things suddenly stop working after weeks without problems, just sounds 
very much like your firewall setup doesn't follow changes of the 
interface configuration. Without knowing the details of your setup, I 
can't tell you much more.

What also confuses me is that you have tags in your nat rules - you 
might add a tag for later use in filtering, but you also check if a tag 
exist, and I don't know how or where this is set.

Cheers, Erik
-- 
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9