pf & clonable devices

Max Laier max at
Tue Jan 18 04:50:32 PST 2005

On Tuesday 18 January 2005 13:31, Eric Masson wrote:
> >>>>> "Eric" == Eric Masson <e-masson at> writes:
> Followup to myself.
> A refinement in the problem description :
> Traffic from the host where pf runs flows fine, but I need to issue a
> pfctl -F all -f /etc/pf.conf to make traffic from/to hosts on the
> network.

Okay, that hints that the NAT-rule is to blame.  Can you check the output of 
"$pfctl -vvsn" after a reconnect, but before issuing a ruleset reload?  This 
looks a bit like PR kern/69954, in which case you might want to try to write 
your nat-rule as:

nat on $ext_if from $int_if:network to any -> ($ext_if:0)

Please let me know if that helps and - if not - send in the output of -vvsn.


/"\  Best regards,                      | mlaier at
\ /  Max Laier                          | ICQ #67774661
 X  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

More information about the freebsd-pf mailing list