Date: Tue, 18 Jan 2005 13:50:13 +0100 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: pf & clonable devices Message-ID: <200501181350.21488.max@love2party.net> In-Reply-To: <86ekgi9avj.fsf@srvbsdnanssv.interne.kisoft-services.com> References: <86k6qcynus.fsf@srvbsdnanssv.interne.kisoft-services.com> <86r7kj3x2b.fsf@srvbsdnanssv.interne.kisoft-services.com> <86ekgi9avj.fsf@srvbsdnanssv.interne.kisoft-services.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart2295971.Ipr9692xHU Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 18 January 2005 13:31, Eric Masson wrote: > >>>>> "Eric" =3D=3D Eric Masson <e-masson@kisoft-services.com> writes: > > Followup to myself. > > A refinement in the problem description : > Trafic from the host where pf runs flows fine, but I need to issue a > pfctl -F all -f /etc/pf.conf to make traffic from/to hosts on the > network. Okay, that hints that the NAT-rule is to blame. Can you check the output o= f=20 "$pfctl -vvsn" after a reconnect, but before issuing a ruleset reload? Thi= s=20 looks a bit like PR kern/69954, in which case you might want to try to writ= e=20 your nat-rule as: nat on $ext_if from $int_if:network to any -> ($ext_if:0) Please let me know if that helps and - if not - send in the output of -vvsn. Thanks. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2295971.Ipr9692xHU Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBB7QYNXyyEoT62BG0RAmhXAJ9/wiVJBerG4tv2yx74vaF4eLiPAwCeMaTJ jYxmSt+cwJB0TBR+37CACPM= =Z9aQ -----END PGP SIGNATURE----- --nextPart2295971.Ipr9692xHU--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200501181350.21488.max>