pf & clonable devices
Max Laier
max at love2party.net
Tue Jan 18 04:50:32 PST 2005
On Tuesday 18 January 2005 13:31, Eric Masson wrote:
> >>>>> "Eric" == Eric Masson <e-masson at kisoft-services.com> writes:
>
> Followup to myself.
>
> A refinement in the problem description :
> Traffic from the host where pf runs flows fine, but I need to issue a
> pfctl -F all -f /etc/pf.conf to make traffic from/to hosts on the
> network.
Okay, that hints that the NAT-rule is to blame. Can you check the output of
"$pfctl -vvsn" after a reconnect, but before issuing a ruleset reload? This
looks a bit like PR kern/69954, in which case you might want to try to write
your nat-rule as:
nat on $ext_if from $int_if:network to any -> ($ext_if:0)
Please let me know if that helps and - if not - send in the output of -vvsn.
Thanks.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News