[pf4freebsd] Re: Version 1.52

Pyun YongHyeon yongari at kt-is.co.kr
Wed Sep 15 20:39:53 PDT 2004


On Sun, Jun 08, 2003 at 10:50:38PM +0200, Rolf wrote:
 > 
 > Hi, keep up the good work guys!
 > 
 > I've just upgraded my gateway to fbsd 5.1 RELEASE #0.
 > Then I installed your pf_freebsd_1.52 package, guess what! It works!! BUT! 
 > I am an xDSL user, and got some problems with NAT through pf when using ppp protocol to connect PPPoE, and have not (yet) had time and effort to look up this error.
 > 
 > My NAT rule in pf.conf is exactly as posted here: nat on ! ?Int from $Int/24 to any -> $Ext
 > where Int=xl1 and Ext=tun0.
 > 
Thanks for your feedback.
There are two methods on FreeBSD to use xDSL, also known as user mode and
kernel mode. It seems that you use a userland PPPoE client because your
external interface is tun0. Right?
You should first check your xDSL connection without pf.
(To narrow down the problem.)
There may be some differences between OpenBSD ppp and FreeBSD ppp
configuration.

Currently, FreeBSD pf can't detect address changes accomplished by ppp
client software (ppp or mpd). OpenBSD pf knows about that and takes care
of it.
This is one of the differences between FreeBSD pf and the OpenBSD one.
You should reload your pf rule whenever your external address (tun0)
changes.  This can be done via the /etc/ppp/ppp.linkup file. See ppp(8) for
more details. (This problem can be fixed if we can have write access to
the FreeBSD kernel sources.)

If you can't NAT with this, please let me know. Please include the
following information.
	1. FreeBSD/pf version used
	2. your kernel configuration if you have customized one
	3. your complete pf rule set
	4. your network configuration
	5. your ppp start up script in /etc/ppp/ppp.linkup

You would get a more stable version if users like you report more problems.
Thank you and good luck.

 > This worked great on my former OBSD box, and should have worked on my FBSD too.
 > 
 > I would love to use pf's NAT (RDR works great).
 > OH, IPv6 works great for me, that's it so far..
 > 
 >  I have not been able or have found the time and effort to test any other functions...
 > 
 > Rolf
 > 

-- 
Pyun YongHyeon <http://www.kr.freebsd.org/~yongari>
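
One way to do the reload from /etc/ppp/ppp.linkup that the reply describes, as an added example that is not part of the original message or of the pf port. The script name and path, the state directory and the rule file location are assumptions; INTERFACE and MYADDR are the words ppp(8) substitutes in ppp.linkup commands.

```shell
#!/bin/sh
# Added example, not from the original message. Called from /etc/ppp/ppp.linkup:
#   MYADDR:
#    !bg /usr/local/sbin/pf-reload.sh INTERFACE MYADDR
# ppp(8) replaces INTERFACE and MYADDR before running the command.
# Assumptions: the script path above, the state directory, the rule file path.

PFCTL="${PFCTL:-pfctl}"
RULES="${RULES:-/etc/pf.conf}"
STATE_DIR="${STATE_DIR:-/var/run}"

# Accept only a dotted-quad IPv4 address.
valid_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# Accept only plain interface names (tun0, ng0), since the name becomes
# part of a file path written as root.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
}

# True when the address differs from the one recorded at the last reload.
addr_changed() {
    [ "$(cat "$STATE_DIR/pf-addr.$1" 2>/dev/null)" != "$2" ]
}

# Exit codes: 0 ok or nothing to do, 2 bad argument, 3 rule file does not
# parse, 4 load failed.
reload_pf() {
    valid_iface "$1" && valid_ipv4 "$2" || return 2
    addr_changed "$1" "$2" || return 0
    # Parse-only pass first (-n), so a syntax error leaves the running
    # rule set untouched.
    "$PFCTL" -n -f "$RULES" || return 3
    "$PFCTL" -f "$RULES" || return 4
    echo "$2" > "$STATE_DIR/pf-addr.$1"
}

if [ $# -eq 2 ]; then reload_pf "$1" "$2"; fi
```

The address is recorded only after a successful load, so a failed reload is retried at the next link-up even if the address is the same.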



