NAT problem with pppoe

Reinhard Haller reinhard.haller at interactive-net.de
Tue May 20 21:09:24 UTC 2008


Hi,

I suspect pf is caching invalid outdated dynamic addresses. After this happens, all requests sent from internal hosts are sent with the previous dynamic address as source address and are ignored by our provider. Requests sent directly from our pf-box use the new dynamic address as expected.

/etc/pf.conf

ext_if="tun0"
external_net="!192.168.0.0/16"

nat on $ext_if from !($ext_if) -> ($ext_if)

anchor portupgrade out on $ext_if
pass out on $ext_if from ($ext_if) to $external_net tagged FORWARD
pass quick proto { tcp, udp } from $dns_server to <dnsServer> port domain tag FORWARD

the anchor portupgrade is filled with the ppp-linkup script (DNS0/1)

pass quick inet proto udp from (tun0) to 212.18.3.5 port = domain keep state

Sending HUP to ppp doesn't eliminate the problem; pfctl -d/-e and a restart of the internal server solve it.

The pf-box uses FreeBSD 7.0-STABLE; usermode-ppp is used to connect with the provider.

Any suggestions?

Thanks
Reinhard
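One defensive workaround for the symptom described above (states created while the old dynamic address was active keep translating to that address until they expire) is to kill the stale states from the PPP link-up hook, rather than bouncing pf with pfctl -d/-e. The script below is an added example, not the poster's ppp-linkup script: it assumes it is invoked from the usermode-ppp linkup hook with the tunnel interface name as its only argument, and the state-file path is a placeholder. It remembers the address seen at the previous link-up and, when the address has changed, uses pfctl -k to kill states whose source or destination is the stale address, which is narrower than a full pfctl -F states.

```shell
#!/bin/sh
# Added example (not from the original post): drop pf states that still
# reference the previous dynamic PPPoE address after a re-dial.
# Assumed invocation from the usermode-ppp linkup hook, e.g.
#   !bg /usr/local/sbin/pf-relink.sh tun0
# STATE_FILE is a placeholder path; PFCTL can be overridden for dry runs.

STATE_FILE="${STATE_FILE:-/var/db/pf-last-ppp-addr}"
PFCTL="${PFCTL:-pfctl}"

# current_addr IFACE: print the first IPv4 address configured on IFACE.
current_addr() {
    ifconfig "$1" 2>/dev/null | awk '$1 == "inet" { print $2; exit }'
}

# plan_state_flush OLD NEW: print, one per line, the pfctl commands needed
# to remove states bound to OLD. Nothing is printed on the first run (no
# remembered address) or when the address did not change.
plan_state_flush() {
    old="$1"
    new="$2"
    if [ -z "$old" ] || [ "$old" = "$new" ]; then
        return 0
    fi
    # states whose source is the stale address (the NAT'd side of the
    # translation) ...
    echo "pfctl -k $old"
    # ... and states from anywhere whose destination is the stale address
    echo "pfctl -k 0.0.0.0/0 -k $old"
}

# relink NEWADDR: kill states for the previously remembered address (if it
# differs from NEWADDR) and remember NEWADDR for the next link-up.
relink() {
    new="$1"
    old=""
    if [ -r "$STATE_FILE" ]; then
        old=$(cat "$STATE_FILE")
    fi
    plan_state_flush "$old" "$new" | while read -r cmd; do
        # every planned line starts with "pfctl"; run it with $PFCTL instead
        # so the binary (or a dry-run stand-in) can be substituted
        $PFCTL ${cmd#pfctl}
    done
    printf '%s\n' "$new" > "$STATE_FILE"
}

# When run as a script with an interface argument, act on that interface.
if [ $# -eq 1 ]; then
    relink "$(current_addr "$1")"
fi
```

Running it with PFCTL=echo prints the pfctl invocations without touching the state table, which is a convenient way to confirm the hook fires with the address you expect before enabling it. If the provider changes the address on every re-dial, the two pfctl -k lines are all that is needed; the poster's pfctl -d/-e cycle has the same effect as pfctl -F states but also drops every unrelated state.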

