Is PF nat broken?
Matteo Riondato
rionda at gufi.org
Thu Oct 21 13:53:41 PDT 2004
Thu, 2004-10-21 18:38 CEST, Max Laier wrote:
> Matteo Riondato wrote:
> > Please note that I'm using pf.ko, not in-kernel support.
> > There isn't a "nat enable yes" line in /etc/ppp/ppp.conf
> > Any help will be appreciated.
>
> Well, could you try to tell us what exactly the problem is? I don't see any
> mentioning of the actual problem.
Ouch, sorry, I forgot to mention it.. :)
Well, the fact is that nat does not work. I mean: packets arrive from
the lan to the internal interface (wifi_if = "rl0") and it seems that
they are forward to remote hosts, but when they come back, they are not
forward back to lan hosts.
Here you found the output of "pfctl -vrs":
http://www.riondabsd.net/pfctl-vsr.output
The output of "tcpdump -i rl0 port 110"
http://www.riondabsd.net/tcpdump.rl0
The output of "tcpdump -i tun0 port 110"
http://www.riondabsd.net/tcpdump.tun0
(the two tcpdump were taken at the same time)
Here my /etc/pf.conf
http://www.riondabsd.net/pf.conf
Hope this helps.
Thank you in advance for any hint.
Best Regards
--
Rionda aka Matteo Riondato
GUFI Staff Member (http://www.gufi.org)
FreeSBIE Developer (http://www.freesbie.org)
BSD-FAQ-it Main Developer (http://utenti.gufi.org/~rionda)
Sent from: kaiser.sig11.org running FreeBSD-6.0-CURRENT
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: Questa parte del messaggio =?ISO-8859-1?Q?=E8?= firmata
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20041021/a1b714f6/attachment.bin
More information about the freebsd-pf
mailing list