Date:      Mon, 10 Sep 2007 20:21:53 +0200
From:      Max Laier <max@love2party.net>
To:        freebsd-current@freebsd.org
Cc:        Michal Mertl <mime@traveller.cz>
Subject:   Re: PF NAT regression
Message-ID:  <200709102021.58702.max@love2party.net>
In-Reply-To: <1189445938.1321.5.camel@genius.i.cz>
References:  <1189445938.1321.5.camel@genius.i.cz>

On Monday 10 September 2007, Michal Mertl wrote:
> Hello,
>
> I have recently upgraded a 6.2-STABLE based router to a -CURRENT kernel and
> I found out the following in /etc/pf.conf does not work anymore:
>
> ext_if="sis0"
> nat on $ext_if from ! ($ext_if) to any -> ($ext_if)
>
> It works again when I change it to:
>
> nat on $ext_if from any to any -> ($ext_if)

Can you show me "ifconfig sis0" and "pfctl -vvvsn" for either rule?  It 
might be a problem with picking up aliases correctly.  You could also try 
to limit the nat rule by specifying "inet".  A tcpdump on sis0 might also 
be helpful to figure out what's going on, as could be "pfctl -xm" to 
enable extended debugging on the console.  This should print which 
address is chosen for any translation.  Finally you might want to look at 
the rule counters and the state table after trying a couple of 
connections.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
