Date: Mon, 10 Sep 2007 20:21:53 +0200 From: Max Laier <max@love2party.net> To: freebsd-current@freebsd.org Cc: Michal Mertl <mime@traveller.cz> Subject: Re: PF NAT regression Message-ID: <200709102021.58702.max@love2party.net> In-Reply-To: <1189445938.1321.5.camel@genius.i.cz> References: <1189445938.1321.5.camel@genius.i.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1929354.U5fSiiLJCJ Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 10 September 2007, Michal Mertl wrote: > Hello, > > I have recently upgraded 6.2-STABLE based router to -CURRENT kernel and > I found out the following in /etc/pf.conf does not work anymore: > > ext_if=3D"sis0" > nat on $ext_if from ! ($ext_if) to any -> ($ext_if) > > It works again when I change it to: > > nat on $ext_if from any to any -> ($ext_if) Can you show me "ifconfig sis0" and "pfctl -vvvsn" for either rule? It=20 might be a problem with picking up aliases correctly. You could also try=20 to limit the nat rule by specifying "inet". A tcpdump on sis0 might also=20 be helpful to figure out what's going on, as could be "pfctl -xm" to=20 enable extended debugging on the console. This should print which=20 address is chosen for any translation. Finally you might want to look at=20 the rule counters and the state table after trying a couple of=20 connections. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1929354.U5fSiiLJCJ Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBG5YtGXyyEoT62BG0RAn3mAJ9POd7Jg9mQeu/OhWpjV8QaoIGVHACffSB8 P/Cm3/CKch5k7XEQ+xxONDI= =xQ8F -----END PGP SIGNATURE----- --nextPart1929354.U5fSiiLJCJ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709102021.58702.max>