Date:      Thu, 3 Sep 2015 11:49:17 +0000
From:      Sergey Grigorian <grigorian@theconcept.ru>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   10.2-RELEASE not forwarding packets/NATing with pf
Message-ID:  <5C137CAA56211A448C4F58E75EFB6266C285B582@EXCHANGE.lan.theconcept.ru>

Hello list.

I'm observing a weird thing with pf.conf/packet forwarding after upgrading
from 10.1-RELEASE-p19 to 10.2-RELEASE.

I have a simple LAN gateway with a primitive pf.conf which is running just
fine on 10.1-RELEASE-p19, performing some pretty minimal .

However, once I upgrade to the 10.2-RELEASE kernel -- that is, after the first
restart during "freebsd-update upgrade -r 10.2-RELEASE" -- the box won't NAT
or forward packets anymore.

What could be the reason for this? Has anything changed about pf between
10.1 and 10.2? Where do I look? Am I missing something obvious?

Thanks.



Here's the /etc/pf.conf:

ext_if="hn0"
int_if="hn1"
set block-policy return
set loginterface $ext_if
set skip on lo
scrub in
nat pass log on $ext_if inet from !($ext_if) -> ($ext_if:0)
rdr pass on $ext_if proto tcp from any to any port 10022 -> 172.16.1.3 port ssh
rdr pass on $ext_if proto tcp from any to any port 10122 -> 172.16.1.4 port ssh
rdr pass on $ext_if proto tcp from any to any port 10222 -> 172.16.1.5 port ssh
pass all



And here's /etc/sysctl.conf:

net.inet.ip.forwarding=1



And here's kldstat for completeness' sake:

Id Refs Address            Size     Name
 1   14 0xffffffff80200000 179ddb0  kernel
 2    1 0xffffffff8199e000 2f9b00   zfs.ko
 3    2 0xffffffff81c98000 6048     opensolaris.ko
 4    1 0xffffffff81e11000 26d1     pflog.ko
 5    1 0xffffffff81e14000 32e6f    pf.ko


