From owner-freebsd-pf@FreeBSD.ORG Fri Oct 22 05:59:09 2004
Date: Fri, 22 Oct 2004 14:58:28 +0900
From: Pyun YongHyeon
To: Matteo Riondato
cc: freebsd-pf@freebsd.org
Subject: Re: Is PF nat broken?
Message-ID: <20041022055828.GB30294@kt-is.co.kr>
In-Reply-To: <1098392019.909.22.camel@kaiser.sig11.org>
References: <1098392019.909.22.camel@kaiser.sig11.org>
User-Agent: Mutt/1.4.1i
On Thu, Oct 21, 2004 at 10:53:39PM +0200, Matteo Riondato wrote:
> Thu, 2004-10-21 18:38 CEST, Max Laier wrote:
> > Matteo Riondato wrote:
> > > Please note that I'm using pf.ko, not in-kernel support.
> > > There isn't a "nat enable yes" line in /etc/ppp/ppp.conf
> > > Any help will be appreciated.
> >
> > Well, could you try to tell us what exactly the problem is? I don't see any
> > mention of the actual problem.
>
> Ouch, sorry, I forgot to mention it.. :)
> Well, the fact is that nat does not work. I mean: packets arrive from
> the lan to the internal interface (wifi_if = "rl0") and it seems that
> they are forwarded to remote hosts, but when they come back, they are not
> forwarded back to lan hosts.
>
> Here you find the output of "pfctl -vrs":
> http://www.riondabsd.net/pfctl-vsr.output
>

You may need "pfctl -vvsn" to check NAT and "pfctl -vss" to check created states.

> The output of "tcpdump -i rl0 port 110"
> http://www.riondabsd.net/tcpdump.rl0
>
> The output of "tcpdump -i tun0 port 110"
> http://www.riondabsd.net/tcpdump.tun0
>
> (the two tcpdumps were taken at the same time)
>

I guess an additional "-nvvv" option is preferable since it conveys more information than that of the plain tcpdump command.

> Here is my /etc/pf.conf
> http://www.riondabsd.net/pf.conf
>

Remove the block rule or add the log keyword and check whether your NAT rule really works.
Hope this helps.

> Thank you in advance for any hint.

PS: Your mail server rejects my mail.

--
Regards,
Pyun YongHyeon
http://www.kr.freebsd.org/~yongari | yongari@freebsd.org
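A pf.conf sketch of the setup being debugged in this thread (LAN behind rl0, user-ppp uplink on tun0), added here as an illustration of the checks suggested above; it is not the poster's linked configuration, and the 192.168.1.0/24 prefix is an assumed value.

```pf
# Constructed example for the topology in this thread; not the original poster's pf.conf.
ext_if  = "tun0"
wifi_if = "rl0"
lan_net = "192.168.1.0/24"   # assumed LAN prefix behind rl0

# Translate LAN traffic leaving on tun0. The parentheses make pf re-read the
# address of tun0 at run time, which matters for a PPP link whose address changes.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Log what is blocked so "tcpdump -n -e -ttt -i pflog0" shows which rule drops
# the returning packets instead of guessing from the rl0/tun0 captures.
block log all

# Stateful pass rules: the state created here is what lets the reply packets
# back through after they are un-translated, so the block rule does not eat them.
pass out on $ext_if  proto { tcp udp icmp } from any to any keep state
pass in  on $wifi_if from $lan_net to any keep state
pass out on $wifi_if from any to $lan_net keep state

# Checks:
#   pfctl -nf /etc/pf.conf   parse the file without loading it
#   pfctl -vvsn              show NAT rules with per-rule packet counters
#   pfctl -vss               show state entries (the reply must match one)
```

If the NAT rule's counters in "pfctl -vvsn" stay at zero while rl0 sees the outbound packets, the problem is in the rule match, not in the return path.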