Date: Sun, 31 Dec 2006 09:16:38 +0200
From: "Huzeyfe Onal" <huzeyfe.onal@gmail.com>
To: sukaca <myninku@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Rules must be in order
Message-ID: <ffa9ac690612302316s38eb5effyb0b23d7e756c205e@mail.gmail.com>
In-Reply-To: <afce09420612302139h130776d6m27d677bdb4b32876@mail.gmail.com>
References: <afce09420612302139h130776d6m27d677bdb4b32876@mail.gmail.com>
Hi,
The error says what you should do:
"/etc/pf.conf:13: Rules must be in order: options, normalization, queueing,"
Your pf rules order is wrong. The order should be
like...Queue->NAT->Filtering...
new pf.conf ;
---
ext_if="lnc0" # replace with actual external interface name i.e., dc0
int_if="lnc0" # replace with actual internal interface name i.e., dc1
internal_net1="10.10.1.1/24"
internal_net2="10.10.2.1/24"
altq on lnc0 cbq bandwidth 128Kb queue { internal_net1, internal_net2 }
queue internal_net2 bandwidth 64Kb cbq(default borrow)
queue internal_net1 bandwidth 64Kb cbq(red borrow)
nat on lnc0 from 10.10.1.0/24 to any -> 124.81.224.194
nat on lnc0 from 10.10.2.0/24 to any -> 124.81.224.194
pass out on lnc0 from any to any queue (internal_net1, internal_net2)
pass in on lnc0 from any to any queue (internal_net1, internal_net2)
----
On 12/31/06, sukaca <myninku@gmail.com> wrote:
> Dear all,
>
> I just configured pf+altq
> and got an error message.
>
> This is my config:
>
> ext_if="lnc0" # replace with actual external interface name i.e., dc0
> int_if="lnc0" # replace with actual internal interface name i.e., dc1
> internal_net1="10.10.1.1/24"
> internal_net2="10.10.2.1/24"
>
> altq on lnc0 cbq bandwidth 128Kb queue { internal_net1, internal_net2 }
> queue internal_net2 bandwidth 64Kb cbq(default borrow)
> queue internal_net1 bandwidth 64Kb cbq(red borrow)
>
> pass out on lnc0 from any to any queue (internal_net1, internal_net2)
> pass in on lnc0 from any to any queue (internal_net1, internal_net2)
>
> nat on lnc0 from 10.10.1.0/24 to any -> 124.81.224.194
> nat on lnc0 from 10.10.2.0/24 to any -> 124.81.224.194
>
> the error is
>
> pfctl -f /etc/pf.conf
> /etc/pf.conf:13: Rules must be in order: options, normalization, queueing,
> translation, filtering
> /etc/pf.conf:14: Rules must be in order: options, normalization, queueing,
> translation, filtering
> pfctl: Syntax error in config file: pf rules not loaded
>
> Where is my mistake,
> and what should I do?
>
> Thanks and regards,
>
> vicky
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>
--
Huzeyfe ÖNAL
EnderUnix Core Team Member
huzeyfe@enderunix.org
http://www.enderunix.org/huzeyfe
+90 555 255 4593
Have you joined the network security list?
http://www.huzeyfe.net/netsec.html
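
An added example, not part of the original e-mail and not pfctl's own code: a simplified Python approximation of the ordering check behind this error, run on the two rulesets from the thread (macro comments omitted). The keyword-to-section table and the function names are assumptions made for the illustration; `pfctl -nf /etc/pf.conf` remains the authoritative check.

```python
import re

# Section order pfctl enforces; the names come from its error message.
SECTIONS = ["options", "normalization", "queueing", "translation", "filtering"]
KEYWORDS = {"set": 0, "scrub": 1, "altq": 2, "queue": 2,
            "nat": 3, "rdr": 3, "binat": 3,
            "nat-anchor": 3, "rdr-anchor": 3, "binat-anchor": 3,
            "pass": 4, "block": 4, "antispoof": 4, "anchor": 4}

def classify(line):
    """Section index of one statement, or None if it has no ordering constraint."""
    text = line.split("#", 1)[0].strip()
    if not text or re.match(r"[A-Za-z_]\w*\s*=", text):
        return None  # blank line, comment, or macro definition
    words = text.split()
    if words[0] == "no" and len(words) > 1:  # "no nat", "no rdr", "no scrub"
        words = words[1:]
    return KEYWORDS.get(words[0])  # unknown keywords (e.g. table) are skipped

def out_of_order(conf):
    """Return (line number, section) for each statement that follows a later section."""
    state, problems = 0, []
    for num, line in enumerate(conf.splitlines(), 1):
        section = classify(line)
        if section is None:
            continue
        if section < state:
            problems.append((num, SECTIONS[section]))
        else:
            state = section
    return problems

# The two rulesets from this thread, assembled from shared pieces.
MACROS = ('ext_if="lnc0"\nint_if="lnc0"\n'
          'internal_net1="10.10.1.1/24"\ninternal_net2="10.10.2.1/24"\n\n')
QUEUES = ("altq on lnc0 cbq bandwidth 128Kb queue { internal_net1, internal_net2 }\n"
          "queue internal_net2 bandwidth 64Kb cbq(default borrow)\n"
          "queue internal_net1 bandwidth 64Kb cbq(red borrow)\n\n")
NAT = ("nat on lnc0 from 10.10.1.0/24 to any -> 124.81.224.194\n"
       "nat on lnc0 from 10.10.2.0/24 to any -> 124.81.224.194\n\n")
FILTER = ("pass out on lnc0 from any to any queue (internal_net1, internal_net2)\n"
          "pass in on lnc0 from any to any queue (internal_net1, internal_net2)\n\n")
ORIGINAL = MACROS + QUEUES + FILTER + NAT   # order in the question
REORDERED = MACROS + QUEUES + NAT + FILTER  # order in the reply

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(name, out_of_order(conf))
```

On the original layout it flags the two `nat` lines, 13 and 14, the same line numbers pfctl reported.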
