interesting error (bug?)
Szukács István
leccine at gmail.com
Fri Feb 10 08:11:09 PST 2006
I have a FreeBSD 5.4 server.
ifconfig
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet 195.xxx.157.214 netmask 0xffffffe0 broadcast 195.228.157.223
inet6 fe80::211:11ff:fe56:ec80%fxp0 prefixlen 64 scopeid 0x1
inet6 3ffe:401c:430::1 prefixlen 64
ether 00:11:11:56:ec:80
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
nat on $ext_if from 127.1.0.0/16 to any -> ($ext_if)
I just realised that in my jail every second connection is working.
I checked pfctl -ss:
self tcp 127.1.0.1:53321 -> 10.0.0.4:61360 -> 195.228.157.253:6667 SYN_SENT:CLOSED
wtf??
Why 10.0.0.4? Last week we tested some VPNs here and I used this IP
temporarily for testing; afterwards I deleted it:
ifconfig fxp0 add -alias 10.0.0.4 0xffffff00
but pf uses it for NAT as if it still existed there.
I changed my rules:
nat on $ext_if from 127.1.0.0/16 to any -> 195.xxx.157.214
Now it is working, but my question is why pf still uses this IP even
though it no longer exists there.
(I reloaded the ruleset and flushed the state table before.)
(Sorry for my English.)
More information about the freebsd-pf mailing list
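
Added example, not part of the original post: a Python check that flags pf NAT states translated to an address that is not configured on the external interface, which is the symptom described in the message above. The sample ifconfig and pfctl -ss text is constructed from the output quoted in the post (IPv4 only; the three-address state line layout is assumed from the line shown there), and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the output quoted in the post.
IFCONFIG = """\
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 195.xxx.157.214 netmask 0xffffffe0 broadcast 195.228.157.223
        ether 00:11:11:56:ec:80
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
"""
STATES = """\
self tcp 127.1.0.1:53321 -> 10.0.0.4:61360 -> 195.228.157.253:6667 SYN_SENT:CLOSED
self tcp 127.1.0.1:53322 -> 195.xxx.157.214:50112 -> 195.228.157.253:6667 ESTABLISHED:ESTABLISHED
self tcp 195.xxx.157.214:22 <- 192.0.2.10:40000 ESTABLISHED:ESTABLISHED
"""

# Assumed layout of a NATed state: if proto source -> translated -> destination state
NAT_STATE = re.compile(r"^\S+\s+\S+\s+(\S+)\s+->\s+(\S+)\s+->\s+(\S+)\s+\S+$")


def interface_addrs(ifconfig_text, ifname):
    """Return the IPv4 addresses ifconfig lists for one interface."""
    addrs, current = set(), None
    for line in ifconfig_text.splitlines():
        header = re.match(r"^(\S+): flags=", line)
        if header:
            current = header.group(1)
            continue
        inet = re.match(r"^\s*inet\s+(\S+)", line)  # does not match inet6
        if inet and current == ifname:
            addrs.add(inet.group(1))
    return addrs


def stale_nat_states(ifconfig_text, ifname, states_text):
    """Return (source, nat_ip, destination) for states NATed to an address
    that the interface does not currently carry."""
    valid = interface_addrs(ifconfig_text, ifname)
    stale = []
    for line in states_text.splitlines():
        m = NAT_STATE.match(line.strip())
        if not m:
            continue  # not a translated state (only one arrow)
        src, translated, dst = m.groups()
        nat_ip = translated.rsplit(":", 1)[0]  # drop the port
        if nat_ip not in valid:
            stale.append((src, nat_ip, dst))
    return stale


if __name__ == "__main__":
    for src, nat_ip, dst in stale_nat_states(IFCONFIG, "fxp0", STATES):
        print(f"{src} -> {dst}: NATed to {nat_ip}, not configured on fxp0")
```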