From owner-freebsd-pf@FreeBSD.ORG Fri Feb 10 16:11:09 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6D39516A420 for ; Fri, 10 Feb 2006 16:11:09 +0000 (GMT) (envelope-from leccine@gmail.com) Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id C76F943D46 for ; Fri, 10 Feb 2006 16:11:08 +0000 (GMT) (envelope-from leccine@gmail.com) Received: by uproxy.gmail.com with SMTP id m2so449965ugc for ; Fri, 10 Feb 2006 08:11:07 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:x-accept-language:mime-version:to:subject:content-type:content-transfer-encoding; b=J4UXEM5Cq7wMQo2pnNgRDlEbZO1tVHcO9Cfwa7zSh4/SmWq8o68FXtQ/ZVC5+exKoZuAPpYkAgYqauXDR8FU8CJYRLlz0eGo50RSihQpQBno4wUqT2tEUmhBus6AsU3R4bBFgfWUJqxmZOJirVLa2JC7UAYMfA6I7Qax7XfusqI= Received: by 10.49.10.14 with SMTP id n14mr2919776nfi; Fri, 10 Feb 2006 08:11:06 -0800 (PST) Received: from ?192.168.0.2? ( [80.99.15.9]) by mx.gmail.com with ESMTP id l38sm1244284nfc.2006.02.10.08.11.05; Fri, 10 Feb 2006 08:11:06 -0800 (PST) Message-ID: <43ECBB14.5070303@gmail.com> Date: Fri, 10 Feb 2006 17:11:00 +0100 From: =?ISO-8859-2?Q?Szuk=E1cs_Istv=E1n?= User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; hu-HU; rv:1.7.12) Gecko/20050915 Mnenhy/0.7.3.0 X-Accept-Language: hu MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 7bit Subject: intresting error(bug?) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Feb 2006 16:11:09 -0000 i have a freebsd 5.4 server ifconfig fxp0: flags=8843 mtu 1500 options=8 inet 195.xxx.157.214 netmask 0xffffffe0 broadcast 195.228.157.223 inet6 fe80::211:11ff:fe56:ec80%fxp0 prefixlen 64 scopeid 0x1 inet6 3ffe:401c:430::1 prefixlen 64 ether 00:11:11:56:ec:80 media: Ethernet autoselect (100baseTX ) status: active nat on $ext_if from 127.1.0.0/16 to any -> ($ext_if) i just realised that in my jail every second connection is working. i check the pfctl -ss self tcp 127.1.0.1:53321 -> 10.0.0.4:61360 -> 195.228.157.253:6667 SYN_SENT:CLOSED wtf?? why 10.0.0.4? The last week we tested some vpn-s here and then i use this ip temporary for testing, after i delete it ifconfig fxp0 add -alias 10.0.0.4 0xffffff00 but the pf use it for NAT like it is still exists there i changed my rules nat on $ext_if from 127.1.0.0/16 to any -> 195.xxx.157.214 now it is working but my question is why pf still use this ip even it is no more exists there (i reloaded the ruleset and flushed the state table before) (sorry for my english)