Date: Thu, 16 Sep 2004 04:02:43 -0000
From: Max Laier <max@love2party.net>
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: nat dynamic ip interface
Message-ID: <20040316101632.GA79257@router.laiers.local>
In-Reply-To: <20040316085734.GA40180@active.ath.cx>
References: <20040316085734.GA40180@active.ath.cx>

On Tue, Mar 16, 2004 at 10:57:34AM +0200, Amir S. wrote:
> I'm using FreeBSD 5.2-CURRENT #0: Tue Mar 9 13:05:04 IST 2004.
> I have switched to test pf for my nat and firewall,
> but I'm having problems with natting my private network to internet.
>
> I have the following interfaces handled by pf:
> fxp0 - local network
> fxp1 - adsl modem, I connect to it over pppoe using freebsd `ppp`.
> tun0 - internet interface
>
> I'm using this rule to do natting:
> nat on $ext_if from $int_if:network to any -> ($ext_if)
>
> the problems begin after my machine has been running for a while,
> my internet connection dies and reconnects,
> and my interface receives a new ip.
Thanks! Good catch. That does not work due to a mismerge while submitting
the changes. You can fix this by defining HOOK_HACK during kernel or
pf-module compilation. I will commit a fix shortly.
<...>
> pass out on $adsl_if proto tcp all modulate state flags S/SA group wheel
> pass out on $adsl_if proto { udp, icmp } all keep state group wheel
This seems bogus as there should not be any IP traffic on $adsl_if. All
traffic there should be encapsulated inside of PPPoE packets. Take a look at
the counters to see if these rules are matched at all. (pfctl -vsr)
--
Best regards, | mlaier@freebsd.org
Max Laier | ICQ #67774661
http://pf4freebsd.love2party.net/ | mlaier@EFnet
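The counter check suggested in the reply (pfctl -vsr) can be scripted. The following is an added example, not part of the original message: it lists every rule whose packet counter is still zero, optionally for one interface. The function names, the sample output and the assumed layout of the counter line are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads `pfctl -vsr` output on stdin and prints every rule
# whose Packets counter is 0, optionally restricted to one interface.
# Assumption: each rule line is followed by a counter line of the form
#   [ Evaluations: N  Packets: N  Bytes: N  States: N ]
unmatched_rules() {
    awk -v ifc="$1" '
        /^[[:space:]]*\[/ {               # counter line for the last rule seen
            for (i = 1; i < NF; i++)
                if ($i == "Packets:" && $(i + 1) == 0 && rule != "") {
                    print rule
                    rule = ""             # report each rule only once
                }
            next
        }
        NF {                              # any other non-empty line is a rule
            rule = $0
            if (ifc != "" && index(rule " ", " on " ifc " ") == 0)
                rule = ""                 # rule belongs to another interface
        }
    '
}

# Constructed sample of `pfctl -vsr` output (macros already expanded by pfctl).
sample_pfctl_output() {
    cat <<'EOF'
pass out on fxp1 proto tcp all flags S/SA modulate state
  [ Evaluations: 412       Packets: 0         Bytes: 0           States: 0     ]
pass out on fxp1 proto udp all keep state
  [ Evaluations: 412       Packets: 0         Bytes: 0           States: 0     ]
pass out on tun0 proto tcp all flags S/SA modulate state
  [ Evaluations: 398       Packets: 5120      Bytes: 3481600     States: 7     ]
pass in on tun0 proto tcp from any to any port = 22 keep state
  [ Evaluations: 377       Packets: 0         Bytes: 0           States: 0     ]
EOF
}

# On the firewall itself (as root): pfctl -vsr | unmatched_rules fxp1
sample_pfctl_output | unmatched_rules fxp1
```

A rule that shows evaluations but no packets after representative traffic has passed is a candidate for removal or for moving to the interface that actually carries the IP traffic.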
