Date: Mon, 10 Sep 2007 21:27:52 +0200
From: Michal Mertl <mime@traveller.cz>
To: Max Laier <max@love2party.net>
Cc: freebsd-current@freebsd.org
Subject: Re: PF NAT regression
Message-ID: <46E59AB8.3050005@traveller.cz>
In-Reply-To: <200709102021.58702.max@love2party.net>
References: <1189445938.1321.5.camel@genius.i.cz> <200709102021.58702.max@love2party.net>

Max Laier wrote:
> On Monday 10 September 2007, Michal Mertl wrote:
>
>> Hello,
>>
>> I have recently upgraded 6.2-STABLE based router to -CURRENT kernel and
>> I found out the following in /etc/pf.conf does not work anymore:
>>
>> ext_if="sis0"
>> nat on $ext_if from ! ($ext_if) to any -> ($ext_if)
>>
>> It works again when I change it to:
>>
>> nat on $ext_if from any to any -> ($ext_if)
>>
>
> Can you show me "ifconfig sis0" and "pfctl -vvvsn" for either rule? It
> might be a problem with picking up aliases correctly. You could also try
> to limit the nat rule by specifying "inet". A tcpdump on sis0 might also
> be helpful to figure out what's going on, as could be "pfctl -xm" to
> enable extended debugging on the console. This should print which
> address is chosen for any translation. Finally you might want to look at
> the rule counters and the state table after trying a couple of
> connections

I am sorry, I can't reproduce the problem myself anymore :-(. I do not
understand how it could have happened - it seemed clear to me before -
first version -> no NAT vs. second version -> NAT. I am pretty sure I
repeated the test several times. And of course NAT did not work as
otherwise I would not be trying to change the ruleset.

There is only one IP address on the sis0 interface and it is being
assigned by DHCP.

If I have problems again I will try to better diagnose the situation.

Michal