From: Max Laier
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: nat dynamic ip interface
Date: Thu, 16 Sep 2004 04:02:43 -0000
X-Original-Date: Tue, 16 Mar 2004 11:16:32 +0100

On Tue, Mar 16, 2004 at 10:57:34AM +0200, Amir S. wrote:
> I'm using FreeBSD 5.2-CURRENT #0: Tue Mar 9 13:05:04 IST 2004.
> I have switched to test pf for my nat and firewall,
> but I'm having problems with natting my private network to internet.
>
> I have the following interfaces handled by pf:
> fxp0 - local network
> fxp1 - adsl modem, I connect to it over pppoe using freebsd `ppp`.
> tun0 - internet interface
>
> I'm using this rule to do natting:
> nat on $ext_if from $int_if:network to any -> ($ext_if)
>
> the problems begin after a while my machine is running,
> my internet connection dies and reconnects,
> and my interface receives a new ip.

Thanks! Good catch. That does not work due to a mismerge while submitting
the changes. You can fix this by defining HOOK_HACK during kernel or
pf-module compilation. I will commit a fix shortly.

<...>
> pass out on $adsl_if proto tcp all modulate state flags S/SA group wheel
> pass out on $adsl_if proto { udp, icmp } all keep state group wheel

This seems bogus as there should not be any ip traffic on $adsl_if. All
traffic there should be encapsulated inside of PPPoE packets. Take a look at
the counters to see if these rules are matched at all. (pfctl -vsr)

--
Best regards,                      | mlaier@freebsd.org
Max Laier                          | ICQ #67774661
http://pf4freebsd.love2party.net/  | mlaier@EFnet
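
The counter check suggested in the reply above, as an added example that is not part of the original message: a small filter that reads `pfctl -vsr` style output and lists the rules whose packet counter is still zero. The function names `unmatched_rules` and `sample_counters` are hypothetical, the sample text is constructed, and the layout (a rule line followed by a bracketed `Evaluations/Packets/Bytes/States` line) is an assumption about the pfctl version in use.

```shell
#!/bin/sh
# Added example: list pf rules whose packet counter is zero.
# Input on stdin is assumed to look like `pfctl -vsr` output: a rule line,
# then an indented "[ Evaluations: N  Packets: N  Bytes: N  States: N ]" line.
unmatched_rules() {
    awk '
        # Counter line: find the value after "Packets:" and report the
        # remembered rule when that value is zero.
        /^[ \t]*\[ Evaluations:/ {
            for (i = 1; i < NF; i++)
                if ($i == "Packets:" && $(i + 1) == 0 && rule != "")
                    print rule
            rule = ""
            next
        }
        # Any other bracketed detail line is skipped.
        /^[ \t]*\[/ { next }
        # Every remaining non-blank line is treated as a rule line.
        NF { rule = $0 }
    '
}

# Constructed sample shaped like `pfctl -vsr` output (not captured from a host).
# fxp1 stands for the ADSL modem interface, tun0 for the PPP tunnel.
sample_counters() {
    cat <<'EOF'
pass out on fxp1 proto tcp all flags S/SA modulate state
  [ Evaluations: 412       Packets: 0         Bytes: 0           States: 0     ]
pass out on fxp1 proto udp all keep state
  [ Evaluations: 380       Packets: 0         Bytes: 0           States: 0     ]
pass out on tun0 proto tcp all flags S/SA modulate state
  [ Evaluations: 412       Packets: 9731      Bytes: 5120344     States: 12    ]
EOF
}

# Stand-alone run on the sample; on a live system: pfctl -vsr | unmatched_rules
sample_counters | unmatched_rules
```

Rules that are evaluated but never count a packet, like the two on the modem interface in the sample, are the ones to move to the interface that actually carries the IP traffic.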