From: Matteo Riondato
To: freebsd-pf@freebsd.org
Date: Thu, 21 Oct 2004 22:53:39 +0200
Subject: Re: Is PF nat broken?
Message-Id: <1098392019.909.22.camel@kaiser.sig11.org>
Reply-To: rionda@gufi.org

Thu, 2004-10-21 18:38 CEST, Max Laier wrote:
> Matteo Riondato wrote:
> > Please note that I'm using pf.ko, not in-kernel support.
> > There isn't a "nat enable yes" line in /etc/ppp/ppp.conf
> > Any help will be appreciated.
>
> Well, could you try to tell us what exactly the problem is? I don't see any
> mentioning of the actual problem.

Ouch, sorry, I forgot to mention it.. :)
Well, the fact is that nat does not work.
I mean: packets arrive from the lan to the internal interface (wifi_if =
"rl0") and it seems that they are forwarded to remote hosts, but when they
come back, they are not forwarded back to lan hosts.

Here you can find the output of "pfctl -vrs":
http://www.riondabsd.net/pfctl-vsr.output

The output of "tcpdump -i rl0 port 110"
http://www.riondabsd.net/tcpdump.rl0

The output of "tcpdump -i tun0 port 110"
http://www.riondabsd.net/tcpdump.tun0
(the two tcpdump were taken at the same time)

Here is my /etc/pf.conf
http://www.riondabsd.net/pf.conf

Hope this helps.
Thank you in advance for any hint.

Best Regards
-- 
Rionda aka Matteo Riondato
GUFI Staff Member (http://www.gufi.org)
FreeSBIE Developer (http://www.freesbie.org)
BSD-FAQ-it Main Developer (http://utenti.gufi.org/~rionda)
Sent from: kaiser.sig11.org running FreeBSD-6.0-CURRENT