From: Sergey Grigorian
To: Mario Lobo
CC: Mike Tancsa, "freebsd-questions@freebsd.org"
Subject: RE: 10.2-RELEASE not forwarding packets/NATing with pf
Date: Fri, 4 Sep 2015 12:49:43 +0000

> > > > And here's /etc/sysctl.conf:
> > > >
> > > > net.inet.ip.forwarding=1
> > > >
> > >
> > > Hi,
> > > This does not work the way it might have in the past. Make
> > > sure you set gateway_enable="YES"
> > > in /etc/rc.conf
> > > otherwise, devd and /etc/rc.d/routing will reset
> > > net.inet.ip.forwarding to 0 on certain network events.
> > >
> > > ---Mike
> >
> > Mike,
> > thanks for your suggestion.
> > I have gateway_enable="YES" set in /etc/rc.conf
> > Is there anything else I miss?
> >
> > Here's the /etc/rc.conf itself:
> > defaultrouter=172.16.0.1
> > ifconfig_hn0="inet 172.16.0.3 netmask 255.255.255.0"
> > ifconfig_hn0_alias0="inet 172.16.0.4 netmask 255.255.255.255"
> > ifconfig_hn1="inet 172.16.1.1 netmask 255.255.255.0"
> > ifconfig_hn1_alias0="inet 172.16.1.7 netmask 255.255.255.255"
> > gateway_enable="YES"
> > pf_enable="YES"
> > pflog_enable="YES"
> > sshd_enable="YES"
> > ntpd_enable="YES"
> > ntpd_sync_on_start="YES"
> > cron_enable="YES"
> > cron_flags="-j 60 -J 60"
> > syslogd_flags="-ss"
> > sendmail_enable="NO"
> > sendmail_submit_enable="NO"
> > sendmail_outbound_enable="NO"
> > sendmail_msp_queue_enable="NO"
> > accounting_enable="YES"
> > tcp_drop_synfin="YES"
> > icmp_drop_redirect="YES"
> > clear_tmp_enable="YES"
>
> I know this sounds obvious but do you have
>
> device pf
> device pflog
>
> in your kernel? or pf.ko loaded ?

Mario,
I load pf as a module, so pf.ko is loaded. This box runs a stock RELEASE kernel.
What confuses me is that this setup works perfectly on 10.1, but stops working the second I boot into the 10.2-RELEASE-p2 kernel.
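
The distinction raised in the quoted reply (forwarding enabled through gateway_enable in rc.conf versus only through sysctl.conf) can be checked mechanically. The script below is an added example, not part of the thread or of FreeBSD; the helper names and the sample files are constructed for illustration, and it reads only the two files it is given, not rc.conf.local or /etc/defaults/rc.conf.

```shell
#!/bin/sh
# Added example (not from the thread): classify how IPv4 forwarding is
# configured, following the quoted reply about gateway_enable.

# rc_value FILE VAR: print the last value assigned to VAR. rc.conf is sourced
# as shell, so the last assignment wins. Strips a trailing comment and quotes
# (good enough for simple values such as YES/NO/1).
rc_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# is_yes VALUE: true for the spellings rc.subr's checkyesno accepts.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        yes|true|on|1) return 0 ;;
        *) return 1 ;;
    esac
}

# forwarding_status RC_CONF SYSCTL_CONF (hypothetical helper name):
#   persistent - gateway_enable is set, rc.d/routing keeps forwarding on
#   volatile   - only sysctl.conf sets it; rc.d/routing can reset it to 0
#   off        - neither file enables forwarding
forwarding_status() {
    if is_yes "$(rc_value "$1" gateway_enable)"; then
        echo persistent
    elif [ "$(rc_value "$2" 'net\.inet\.ip\.forwarding')" = 1 ]; then
        echo volatile
    else
        echo off
    fi
}

# Constructed sample files; only the sysctl.conf line is taken from the thread.
demo=$(mktemp -d)
printf 'net.inet.ip.forwarding=1\n' > "$demo/sysctl.conf"
printf 'pf_enable="YES"\n' > "$demo/rc.conf.sysctl_only"
printf 'gateway_enable="NO"\ngateway_enable="YES"  # router\n' > "$demo/rc.conf.gw"
echo "sysctl.conf only: $(forwarding_status "$demo/rc.conf.sysctl_only" "$demo/sysctl.conf")"
echo "gateway_enable:   $(forwarding_status "$demo/rc.conf.gw" "$demo/sysctl.conf")"
rm -rf "$demo"
```

On a live host, pass /etc/rc.conf and /etc/sysctl.conf and compare the verdict with the running value from `sysctl net.inet.ip.forwarding`.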