pf & clonable devices
Eric Masson
e-masson at kisoft-services.com
Mon Jan 17 09:20:12 PST 2005
Hi,
uname -a:
FreeBSD srvbsdnanssv.interne.kisoft-services.com 5.3-STABLE FreeBSD 5.3-STABLE #0: Tue Jan 11 11:44:56 CET 2005 emss at srvbsdnanssv.interne.kisoft-services.com:/vol0/build/usr/src/sys/K6II i386
kldstat:
Id Refs Address    Size     Name
 1   19 0xc0400000 2f6a20   kernel
 2    1 0xc06f7000 14f08    if_ppp.ko
 3    1 0xc070c000 9a88     if_xl.ko
 4    2 0xc0716000 18a44    miibus.ko
 5    1 0xc072f000 39ac     ulpt.ko
 6    9 0xc0733000 1357c    agp.ko
 7    1 0xc13fa000 1e000    nfsserver.ko
 8    1 0xc1429000 28000    pf.ko
At the moment I'm back on an ISDN line for my internet connection, and I'm
using pppd (kernel ppp) and an ISDN TA.
I'm using Alain Thivillon's SSLTunnel for the connection to the main office
(a kernel ppp tunnel encapsulated in an SSL session).
pppX interfaces are created on demand as pppd is started.
So I end up with a setup like this one:
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
        inet 213.36.152.19 --> 212.129.4.14 netmask 0xffffff00
ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 192.168.0.70 --> 192.168.0.15 netmask 0xffffff00
Kernel ppp doesn't seem to reuse existing pppX devices; it creates new
ones as needed. PF rules are defined for fixed network devices, so I
destroy pppX interfaces on ppp shutdown and let pppd recreate them as
needed.
In this case, I need to refresh PF by issuing:
    pfctl -F all -f /etc/pf.conf
to get traffic passing through the newly recreated ppp0/1 interfaces.
Is this a feature or a bug?
Regards
Éric Masson
--
You are a thousand times right, a free subscription is no gift.
Besides, once you've had the butter, the money and the dairymaid's ass,
apart from talking nonsense, there isn't much left to do.
-+- Biz in GNU: And now, is it as good as free, or does it give you the clap? -+-