From owner-freebsd-pf@FreeBSD.ORG  Tue May 27 07:22:33 2008
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2385C1065685
	for <freebsd-pf@freebsd.org>; Tue, 27 May 2008 07:22:33 +0000 (UTC)
	(envelope-from reinhard.haller@interactive-net.de)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.171])
	by mx1.freebsd.org (Postfix) with ESMTP id AEA508FC21
	for <freebsd-pf@freebsd.org>; Tue, 27 May 2008 07:22:32 +0000 (UTC)
	(envelope-from reinhard.haller@interactive-net.de)
Received: from interactive.dnsalias.net
	(ppp-82-135-87-233.dynamic.mnet-online.de [82.135.87.233])
	by mrelayeu.kundenserver.de (node=mrelayeu3) with ESMTP (Nemesis)
	id 0MKxQS-1K0tVv2Ad0-0007iz; Tue, 27 May 2008 09:22:31 +0200
Received: from fs-inter.interactive.de ([192.168.0.1])
	by interactive.dnsalias.net with smtp (Exim 4.69 (FreeBSD))
	(envelope-from <reinhard.haller@interactive-net.de>)
	id 1K0tVu-000AZl-Qe
	for freebsd-pf@freebsd.org; Tue, 27 May 2008 09:22:30 +0200
Received: from [192.168.0.196] (core2duo.interactive.de [192.168.0.196])
	by fs-inter.interactive.de; Tue, 27 May 2008 09:25:01 +0200
Message-ID: <483BB699.4040608@interactive-net.de>
Date: Tue, 27 May 2008 09:22:01 +0200
From: Reinhard Haller <reinhard.haller@interactive-net.de>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
References: <48333B05.9090203@interactive-net.de>
	<20080521084000.GC5072@verio.net>
In-Reply-To: <20080521084000.GC5072@verio.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-ACL-rcpt: freebsd-pf@freebsd.org
X-ACL-Send: reinhard.haller@interactive-net.de
X-Provags-ID: V01U2FsdGVkX18DutmeQ/M2D8oswzFvBKMzcEcvuvJx+ODSFoS
	MMlCjEwIp3QWOeZMRWx67m1TGYcWykKtij2U21k8Pb1fglxA7x
	GQ+A920pPVWpK0g/oDLtbtVJQHcMBNY22QUMe+j3vSBZyMGix3 Vpw==
Subject: Re: NAT problem with pppoe
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 May 2008 07:22:33 -0000

Hi David,

David DeSimone schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Reinhard Haller <reinhard.haller@interactive-net.de> wrote:
>  
>> Sending HUP to ppp does'nt eliminate the problem, pfctl -d/-e and a
>> restart of the internal server solve it.
>>     
>
> I suggest that your ppp "if_down" script make use of the "pfctl -k"
> command to kill state entries that have to do with the IP that is being
> removed.
>   
16:45 linkdown: pfctl -k 88.217.34.98
16:45 linkup: myaddr=82.135.87.233
16:48 dns-request with 88.217.34.98 as source address to 212.18.0.5

our DNS queries from internal servers are still sent with the old 
dynamic address as source address
where a local dig on the pf-box uses the new dynamic address.

Any suggestions where to search?

Thanks
Reinhard