[pf4freebsd] Re: nat dynamic ip interface

Max Laier max at love2party.net
Wed Sep 15 21:02:43 PDT 2004


On Tue, Mar 16, 2004 at 10:57:34AM +0200, Amir S. wrote:
> I'm using FreeBSD 5.2-CURRENT #0: Tue Mar  9 13:05:04 IST 2004.
> I have switched to test pf for my nat and firewall,
> but I'm having problems with natting my private network to internet.
>
> I have the following interfaces handled by pf:
> 	fxp0 - local network
> 	fxp1 - adsl modem, I connect to it over pppoe using freebsd `ppp`.
> 	tun0 - internet interface
>
> I'm using this rule to do natting:
> 	nat on $ext_if from $int_if:network to any -> ($ext_if)
>
> the problems begin after my machine has been running for a while,
> my internet connection dies and reconnects,
> and my interface receives a new ip.
Thanks! Good catch. That does not work due to a mismerge while submitting
the changes. You can fix this by defining HOOK_HACK during kernel or
pf-module compilation. I will commit a fix shortly.

<...>
> pass out on $adsl_if proto tcp all modulate state flags S/SA group wheel
> pass out on $adsl_if proto { udp, icmp } all keep state group wheel

This seems bogus as there should not be any ip traffic on $adsl_if. All
traffic there should be encapsulated inside of PPPoE packets. Take a look at
the counters to see if these rules are matched at all. (pfctl -vsr)

-- 
Best regards,				| mlaier at freebsd.org
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier at EFnet
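
The counter check suggested above, as an added example that is not part of the original message: the function reads `pfctl -vsr` output on stdin and prints every rule whose packet counter is still zero. The sample output is constructed for illustration (interface names are taken from the thread, the tun0 rule and all counter values are assumptions); on a live system run `pfctl -vsr | unmatched_rules` instead.

```shell
#!/bin/sh
# Print pf rules that have never matched a packet.
# Input: `pfctl -vsr` output, where each rule line is followed by an
# indented counter line of the form
#   [ Evaluations: N  Packets: N  Bytes: N  States: N ]
unmatched_rules() {
    awk '
        # Counter line: pull out the value that follows "Packets:".
        /^[ \t]*\[ Evaluations:/ {
            pkts = -1
            for (i = 1; i < NF; i++)
                if ($i == "Packets:") pkts = $(i + 1) + 0
            if (rule != "" && pkts == 0)
                print rule
            rule = ""
            next
        }
        # Any other bracketed detail line is not a rule; skip it.
        /^[ \t]*\[/ { next }
        # Remaining non-empty lines are the rule text itself.
        NF { rule = $0 }
    '
}

# Constructed sample of `pfctl -vsr` output (not captured from a real host).
# fxp1 carries PPPoE frames only, so its IP rules show zero packets,
# while the rule on tun0 is the one actually being matched.
sample_output() {
    cat <<'EOF'
pass out on fxp1 proto tcp all flags S/SA modulate state
  [ Evaluations: 412       Packets: 0         Bytes: 0           States: 0     ]
pass out on fxp1 proto udp all keep state
  [ Evaluations: 412       Packets: 0         Bytes: 0           States: 0     ]
pass out on tun0 proto tcp all flags S/SA modulate state
  [ Evaluations: 398       Packets: 5231      Bytes: 3120744     States: 12    ]
EOF
}

# Stand-alone run on the constructed sample.
sample_output | unmatched_rules
```

A rule that is evaluated many times but never counts a packet is a candidate for removal or for moving to the interface that actually carries the traffic.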