Date: Tue, 18 Jan 2005 13:50:13 +0100 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: pf & clonable devices Message-ID: <200501181350.21488.max@love2party.net> In-Reply-To: <86ekgi9avj.fsf@srvbsdnanssv.interne.kisoft-services.com> References: <86k6qcynus.fsf@srvbsdnanssv.interne.kisoft-services.com> <86r7kj3x2b.fsf@srvbsdnanssv.interne.kisoft-services.com> <86ekgi9avj.fsf@srvbsdnanssv.interne.kisoft-services.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Tuesday 18 January 2005 13:31, Eric Masson wrote: > >>>>> "Eric" == Eric Masson <e-masson@kisoft-services.com> writes: > > Followup to myself. > > A refinement in the problem description : > Trafic from the host where pf runs flows fine, but I need to issue a > pfctl -F all -f /etc/pf.conf to make traffic from/to hosts on the > network. Okay, that hints that the NAT-rule is to blame. Can you check the output of "$pfctl -vvsn" after a reconnect, but before issuing a ruleset reload? This looks a bit like PR kern/69954, in which case you might want to try to write your nat-rule as: nat on $ext_if from $int_if:network to any -> ($ext_if:0) Please let me know if that helps and - if not - send in the output of -vvsn. Thanks. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQBB7QYNXyyEoT62BG0RAmhXAJ9/wiVJBerG4tv2yx74vaF4eLiPAwCeMaTJ jYxmSt+cwJB0TBR+37CACPM= =Z9aQ -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200501181350.21488.max>