10.2-RELEASE not forwarding packets/NATing with pf
Sergey Grigorian
grigorian at theconcept.ru
Thu Sep  3 11:51:34 UTC 2015

Hello list.
I'm observing a weird thing with pf.conf/packet forwarding after upgrading from 10.1-RELEASE-p19 to 10.2-RELEASE.
I have a simple lan gateway with a primitive pf.conf which is running just fine on 10.1-RELEASE-p19, performing some pretty minimal .
However, once I upgrade to 10.2-RELEASE kernel -- that is, after the first restart during "freebsd-update upgrade -r 10.2-RELEASE" -- the box won't NAT or forward packets anymore.
What could be the reason for this? Has anything changed about pf between 10.1 and 10.2? Where do I look? Am I missing something obvious?
Thanks.
Here's the /etc/pf.conf:

ext_if="hn0"
int_if="hn1"
set block-policy return
set loginterface $ext_if
set skip on lo
scrub in
nat pass log on $ext_if inet from !($ext_if) -> ($ext_if:0)
rdr pass on $ext_if proto tcp from any to any port 10022 -> 172.16.1.3 port ssh
rdr pass on $ext_if proto tcp from any to any port 10122 -> 172.16.1.4 port ssh
rdr pass on $ext_if proto tcp from any to any port 10222 -> 172.16.1.5 port ssh
pass all

And here's /etc/sysctl.conf:

net.inet.ip.forwarding=1

And here's kldstat for completeness' sake:

Id Refs Address            Size     Name
 1   14 0xffffffff80200000 179ddb0  kernel
 2    1 0xffffffff8199e000 2f9b00   zfs.ko
 3    2 0xffffffff81c98000 6048     opensolaris.ko
 4    1 0xffffffff81e11000 26d1     pflog.ko
 5    1 0xffffffff81e14000 32e6f    pf.ko
    
    
More information about the freebsd-questions mailing list