PF NAT regression
Max Laier
max at love2party.net
Mon Sep 10 11:22:02 PDT 2007

On Monday 10 September 2007, Michal Mertl wrote:
> Hello,
>
> I have recently upgraded 6.2-STABLE based router to -CURRENT kernel and
> I found out the following in /etc/pf.conf does not work anymore:
>
> ext_if="sis0"
> nat on $ext_if from ! ($ext_if) to any -> ($ext_if)
>
> It works again when I change it to:
>
> nat on $ext_if from any to any -> ($ext_if)

Can you show me "ifconfig sis0" and "pfctl -vvvsn" for either rule? It
might be a problem with picking up aliases correctly. You could also try
to limit the nat rule by specifying "inet". A tcpdump on sis0 might also
be helpful to figure out what's going on, as could be "pfctl -xm" to
enable extended debugging on the console. This should print which
address is chosen for any translation. Finally you might want to look at
the rule counters and the state table after trying a couple of
connections.
--
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News