From: Gema niskazhu
To: freebsd-hackers@freebsd.org
Date: Sat, 30 May 2009 16:12:50 +0400
Subject: pf nat+bridge

Hi all!

First of all, sorry for my bad English again =)

I've got some problems with a NAT gw with pf. My situation is pretty simple: I've got 2 networks: external - 10.7.240.0/20, and an internal qemu network with tap networking, 192.168.0/24.

External and internal ifaces are bridged:

    cloned_interfaces="tap0 bridge0"
    autobridge_interfaces="bridge0"
    autobridge_bridge0="tap0 nfe0"

I've dhcpd on nfe0 and it could be accessed through the bridge.

I've such a simple rule in pf.conf:

    qemu_if = "tap0"
    ext_if = "nfe0"
    nat on $ext_if from $qemu_if:network to any -> ($ext_if)
    pass from {lo0,$qemu_if:network } to any keep state

But no packets are forwarded if we try to access an external host from the internal network. Is there any specificity of NAT'ing bridged networks? Or am I mistaken somewhere else?

Sorry for the dumb question. Thanks a lot in advance!