From: Eric Masson
To: Mailing List FreeBSD Network
Date: Mon, 17 Jan 2005 18:19:55 +0100
Message-ID: <86k6qcynus.fsf@srvbsdnanssv.interne.kisoft-services.com>
Subject: pf & clonable devices

Hi,

uname -a :

    FreeBSD srvbsdnanssv.interne.kisoft-services.com 5.3-STABLE FreeBSD 5.3-STABLE #0: Tue Jan 11 11:44:56 CET 2005 emss@srvbsdnanssv.interne.kisoft-services.com:/vol0/build/usr/src/sys/K6II i386

kldstat :

    Id Refs Address    Size     Name
     1   19 0xc0400000 2f6a20   kernel
     2    1 0xc06f7000 14f08    if_ppp.ko
     3    1 0xc070c000 9a88     if_xl.ko
     4    2 0xc0716000 18a44    miibus.ko
     5    1 0xc072f000 39ac     ulpt.ko
     6    9 0xc0733000 1357c    agp.ko
     7    1 0xc13fa000 1e000    nfsserver.ko
     8    1 0xc1429000 28000    pf.ko

At the moment I'm back on an ISDN line for my Internet connection, and I'm using pppd (kernel ppp) and an ISDN TA.

I'm using Alain Thivillon's SSLTunnel for the connection to the main office (a kernel ppp tunnel encapsulated in an SSL session).

pppX interfaces are created on demand as pppd is started.

So I end up with a setup like this one:

    ppp0: flags=8051 mtu 1524
            inet 213.36.152.19 --> 212.129.4.14 netmask 0xffffff00
    ppp1: flags=8051 mtu 1500
            inet 192.168.0.70 --> 192.168.0.15 netmask 0xffffff00

Kernel ppp doesn't seem to reuse existing pppX devices; it creates new ones as needed.

PF rules are defined for fixed network devices, so I destroy the pppX interfaces on ppp shutdown and let pppd recreate them as needed.

In this case, I need to refresh PF by issuing:

    pfctl -F all -f /etc/pf.conf

to get traffic passing through the newly recreated ppp0/1 interfaces.

Is this a feature or a bug?

Regards

Éric Masson

-- 
 You are a thousand times right, a free subscription is not a gift.
 Besides, once you have had the butter, the money and the dairymaid's
 backside, apart from talking nonsense, there is not much left to do.
 -+- Biz in GNU : And here, is it worth free or does it give you the clap? -+-