Date:      Fri, 8 Sep 2006 01:06:48 +0300
From:      "Ivan Levchenko" <levchenko.i@gmail.com>
To:        "eculp@bafirst.com" <eculp@bafirst.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: pf fails to start
Message-ID:  <e39dd5bb0609071506g1c7744e3l44bd092474d5ebfb@mail.gmail.com>
In-Reply-To: <20060907143415.scknj7rgo40k8k0w@mail.bafirst.com>
References:  <922498059.20060907160002@yandex.ru> <d5992baf0609070844i24006d7vc71d7e0a2bd80fa6@mail.gmail.com> <20060907143415.scknj7rgo40k8k0w@mail.bafirst.com>

I was having the same problem, so I tried this out and here is what I got:

snip from pf.conf

ext_if="tun0"

nat on ($ext_if) from <allowed> to any -> ($ext_if) # this gives me an error
but the following:
nat on $ext_if from <allowed> to any -> ($ext_if)
doesn't give me any errors.

I also added the braces in all of my rules and they all started to
give me errors, for example:

pass out on ($ext_if) proto { tcp, udp } all keep state

The error I'm getting is:

/etc/pf.conf:48: syntax error # I get 9 of them

Any clues, anybody?

On 9/7/06, eculp@bafirst.com <eculp@bafirst.com> wrote:
> Quoting Scott Ullrich <sullrich@gmail.com>:
>
> > On 9/7/06, KES <kes-kes@yandex.ru> wrote:
> >> Hello
> >>
> >> pf fails to start if the interface doesn't exist or an IP address is not assigned
> >>
> >> I have troubles with tun0 (pppoe connection)
> >>
> >> Look at next picture:
> >>
> >> 1) power fail,
> >> 2) FreeBSD starting,
> >> 3) do pppoe connection to provider
> >> 3.a) pppoe fail (ISP has some problem)
> >> 4) pf starts and fails =((
> >> 5) FreeBSD falls into an infinite loop (I waited 15 minutes and then pressed CTRL+C)
> >>
> >> Copy of console messages:
> >> pflog promiscios
> >> pf enabled
> >> pflog: here some message (I don't remember)
> >>
> >> some experiments:
> >>
> >> kes# ps ax|grep ppp
> >>   357  ??  Ss     0:18.88 /usr/sbin/ppp -ddial -unit1 adsl
> >>   373  ??  Rs    46:53.56 /usr/sbin/ppp -dedicated -quiet -unit0 leased
> >> 47226  p2  DL+    0:00.00 grep ppp
> >>
> >> #KILL pppoe connection
> >> kes# kill -9  373
> >> kes# kill -9 373
> >> 373: No such process
> >>
> >> #Reload pf.conf
> >> kes# pfctl -f /etc/pf.conf
> >> no IP address found for tun0
> >> /etc/pf.conf:48: could not parse host specification
> >> no IP address found for tun0
> >> /etc/pf.conf:66: could not parse host specification
> >> no IP address found for tun0
> >> /etc/pf.conf:100: could not parse host specification
> >> no IP address found for tun0
> >> /etc/pf.conf:101: could not parse host specification
> >> pfctl: Syntax error in config file: pf rules not loaded
> >>
> >> #start pppoe
> >> kes#  /usr/sbin/ppp -dedicated -quiet -unit0 leased
> >> kes# pfctl -f /etc/pf.conf
> >>
> >> #no errors here.
> >> kes#
> >>
> >> So I have no "Syntax error in config file"
> >>
> >> To the author of pf:
> >> You must change the behavior of pf to be like ipfw's.
> >> ipfw only gives warning messages in situations like this.
> >
> > Please share your entire pf rules file.  There are ways to work around
> > this. Most notably you can wrap tun0 around () and PF will silently
> > ignore the item until the interface is actually up and running.
>
> Would that be "(" tun0 ")" ?  Or would a simple ( tun0 ) work?
>
> Thanks,
>
> ed
> >
> > Scott
> > _______________________________________________
> > freebsd-pf@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
> >


-- 
Best Regards,

Ivan Levchenko
levchenko.i@gmail.com
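
An added example, not part of the original message or of pf itself: a small lint for the two failure modes seen in this thread. pf.conf's grammar accepts a parenthesised interface, `(tun0)`, only where an address is expected (`from`, `to`, the translation address after `->`), not after `on`, while a bare interface name in an address position is resolved at load time and fails when the interface has no IP address. The function names, the finding labels and the fifth sample rule are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Lints pf.conf text on stdin for one
# dynamic interface (e.g. tun0) and prints "LINE finding" for each problem.
# Scope (assumption): one rule per line, simple name="value" macros only.
lint_pf_dynif() {
    awk -v ifn="$1" '
    # True when token t names the interface directly or through a macro.
    function isif(t) { sub(/:.*/, "", t); return (t == ifn || (t in alias)) }
    {
        line = $0
        sub(/#.*/, "", line)                      # drop trailing comments
        if (match(line, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/)) {
            name = substr(line, 1, RLENGTH - 1); gsub(/[ \t]/, "", name)
            val = substr(line, RLENGTH + 1);     gsub(/[ \t"]/, "", val)
            if (val == ifn) alias["$" name] = 1   # remember $macro -> ifn
            next
        }
        gsub(/\(/, " ( ", line); gsub(/\)/, " ) ", line)
        n = split(line, tok, " ")
        for (i = 1; i < n; i++) {
            # "on" takes an interface name; "(if)" is only an address form.
            if (tok[i] == "on" && tok[i+1] == "(" && isif(tok[i+2]))
                print NR, "paren-after-on"
            # A bare interface used as an address is resolved at load time
            # and fails while the interface has no IP address.
            if ((tok[i] == "from" || tok[i] == "to" || tok[i] == "->") && isif(tok[i+1]))
                print NR, "bare-address"
        }
    }'
}

# Constructed sample: lines 1-4 are the rules quoted in the thread,
# line 5 is a constructed rule using the interface as a bare address.
sample_pf_conf() {
    cat <<'EOF'
ext_if="tun0"
nat on ($ext_if) from <allowed> to any -> ($ext_if)
nat on $ext_if from <allowed> to any -> ($ext_if)
pass out on ($ext_if) proto { tcp, udp } all keep state
nat on $ext_if from <allowed> to any -> $ext_if
EOF
}

sample_pf_conf | lint_pf_dynif tun0
```

Running it against a real rule set is `lint_pf_dynif tun0 < /etc/pf.conf`; `pfctl -nf /etc/pf.conf` remains the authoritative parse check, but it only reports the second class of problem while the interface is actually down.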


