From: Max Laier
To: RJ45
Cc: freebsd-questions@freebsd.org
Date: Thu, 29 Jul 2004 23:21:40 +0200
Subject: Re: problems with PF
Message-Id: <200407292321.47252.max@love2party.net>

On Thursday 29 July 2004 22:57, RJ45 wrote:
> hello,
> I configured PF for natting machines on my LAN
> using FreeBSD as ADSL gateway.
>
> I just write a simple rule
> nat on tun0 from 172.16.16.0/24 to any -> (tun0)
                                            ^^^^^^
> but NAT does not work, packets are blocked.
>
> ip forwarding is enabled
>
> using ipfilter works and packets are natted successfully with a simple rule
> the same as before:
>
> map tun0 172.16.16.0/24 -> tun0/32
>
>
> I am using PF on OpenBSD since the first time it was released
> so I am sure it is not a problem of my configuration (After all more
> than very simple)
> using PF on FreeBSD I noticed simply packets are not NATted.

Well they are, but to a wrong address or no address at all, depending on the
state of tun0 upon loading the ruleset.

> I have to say I am using it on sparc64 FreeBSD 5.2.1 on ultra 60.
>
> anyone has some hints ?

Have you applied the dynamic address patches?
# cd /usr/ports/security/pf && make extract && cd work/pf_freebsd_2.03/patches
# less README
for details. Unless you did so, the "(ifname)" syntax will not work on 5.2.1R.
As a workaround you can place a #pfctl -f in your linkup script.

Other than that, you might want to try a recent -current snapshot in order to
build 3.5 pf (the port is still as of 3.4) out of the box. There you have all
the fancy interface handling that comes with 3.5 (including dynamic addresses
of course) and additionally there is ALTQ ;) Patches for hme(4) from Pyun
YongHyeon are on http://people.freebsd.org/~mlaier/ALTQ_driver/ other driver
patches upon request. sparc64 should not be a problem for pf in general.

> maybe on i386 works who knows ?

Not with the dynamic address syntax, no.

--
  /"\  Best regards,                      | mlaier@freebsd.org
  \ /  Max Laier                          | ICQ #67774661
   X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
  / \  ASCII Ribbon Campaign              | Against HTML Mail and News
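
Added example, not part of the original message or of the pf port: a link-up hook for the workaround described above, which reloads the ruleset only after tun0 has an address. The script path, the /etc/pf.conf ruleset path, the ppp.linkup line in the comment and the sample ifconfig output are assumptions.

```sh
#!/bin/sh
# Added example: link-up hook that reloads the pf ruleset only once the
# interface really has an address. Assumed names: this script's location,
# /etc/pf.conf as the ruleset path, and a ppp.linkup line such as
#   !bg /usr/local/sbin/pf-linkup.sh tun0 /etc/pf.conf
PFCTL=${PFCTL:-pfctl}

# Constructed ifconfig output for an up tun0 (documentation addresses).
SAMPLE_UP='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 203.0.113.7 --> 203.0.113.1 netmask 0xffffffff'
# Constructed output for the same interface before the link is up.
SAMPLE_DOWN='tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500'

# Print the first IPv4 address in ifconfig-style text read from stdin.
first_inet_addr() {
    awk '$1 == "inet" { print $2; exit }'
}

# Succeed only for a dotted quad other than 0.0.0.0.
usable_addr() {
    case "$1" in
        ''|0.0.0.0)  return 1 ;;
        *[!0-9.]*)   return 1 ;;
        *.*.*.*)     return 0 ;;
        *)           return 1 ;;
    esac
}

# Reload the ruleset so the nat rule is re-evaluated against the current address.
reload_pf_on_linkup() {
    ifname=$1 rules=$2
    addr=$(ifconfig "$ifname" 2>/dev/null | first_inet_addr)
    if ! usable_addr "$addr"; then
        echo "pf-linkup: $ifname has no usable address, ruleset not reloaded" >&2
        return 1
    fi
    "$PFCTL" -n -f "$rules" || return 1   # parse-only pass: never load a broken file
    "$PFCTL" -f "$rules"
}

# Run only when called with <interface> <ruleset>, e.g. from the link-up hook.
if [ "$#" -eq 2 ]; then
    reload_pf_on_linkup "$1" "$2"
fi
```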