Date:      Wed, 18 Oct 2006 11:28:50 -0400
From:      Martin Turgeon <turgeon.martin@gmail.com>
To:        'Erik Norgaard' <norgaard@locolomo.org>
Cc:        freebsd-bugs@freebsd.org, freebsd-questions@freebsd.org, freebsd-pf@freebsd.org
Subject:   RE: Routing with external interface doesn't work after a while
Message-ID:  <0J7C00COK8BPD6L1@VL-MH-MR002.ip.videotron.ca>
In-Reply-To: <45363A6A.4040607@locolomo.org>

The NAT rules are already written that way:

nat on $wan_if tag LAN_WAN_NAT tagged LAN_WAN -> ($wan_if)
nat on $wan_if tag WLS_WAN_NAT tagged WLS_WAN -> ($wan_if)
nat on $wan_if tag AP_WAN_NAT tagged AP_WAN -> ($wan_if)
nat on $wan_if tag VPN_WAN_NAT tagged VPN_WAN -> ($wan_if)

Thanks anyway

Martin

-----Original Message-----
From: Erik Norgaard [mailto:norgaard@locolomo.org]
Sent: 18 October 2006 10:30
To: Martin Turgeon
Cc: freebsd-pf@freebsd.org; freebsd-bugs@freebsd.org;
freebsd-questions@freebsd.org
Subject: Re: Routing with external interface doesn't work after a while

Martin Turgeon wrote:

> I've been reading the mailing list for a while, but it's my first post. I'm
> not sure what is causing the problem so I'm posting to multiple lists. I'm
> running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM. It looks like
> after a while (a couple of weeks) the routing isn't working anymore, but
> only with the external interface (the one connected to my cable modem from
> Videotron in Montreal). The box is acting as the gateway of the network with
> PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem also occurred
> on FreeBSD 6.0 on another box.

Is your external ip configured with dhcp? I would guess this is because
your ip on the external interface changes. Your NAT rules will still go
to the old ip and hence nowhere. If reloading your pf ruleset solves the
problem, then this is a strong indication.

There is some trick to handle that, IIRC something like this would do:

ext_if=fxp0 # external interface
nat on $ext_if from <lan>  to !<lan> -> ($ext_if)

The () means that pf will look up the ip on that interface, and update
dynamically when the ip changes.

Well, that's how I remember it, I couldn't find where I've seen it, but
there is a trick like this.

Cheers, Erik
--
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
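
Added example, not part of the original thread and not written by either poster: a shell check for the behaviour described above, where a nat translation target given as a bare interface name or macro is resolved to an address only when the ruleset is loaded. The names lint_nat and lint_sample and the sample ruleset are constructed for illustration; one sample rule is copied from the rules quoted in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. lint_nat is a hypothetical helper name.
# Reads pf.conf text on stdin and prints "LINE:TARGET" for every nat rule whose
# translation target (the word after "->") is a bare interface name or macro.
# pf resolves such a target to an address once, at ruleset load time, so NAT
# keeps using the old address after a DHCP lease change until a reload.
lint_nat() {
    awk '
        /^[ \t]*#/ { next }              # comment line
        $1 != "nat" { next }             # only nat rules are checked
        {
            target = ""
            for (i = 1; i < NF; i++)
                if ($i == "->") { target = $(i + 1); break }
            if (target == "") next       # no translation target on this line
            if (target ~ /^\(/) next     # (iface): pf tracks address changes
            # literal IPv4 address or prefix: static on purpose, not flagged
            if (target ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) next
            print NR ":" target
        }
    '
}

# Constructed sample ruleset. The tagged rule is taken from the thread; the
# other rules and all addresses are made up for this example.
SAMPLE='ext_if="fxp0"
# constructed rules for the check
nat on $ext_if from <lan> to !<lan> -> $ext_if
nat on $ext_if from <lan> to !<lan> -> ($ext_if)
nat on $wan_if tag LAN_WAN_NAT tagged LAN_WAN -> ($wan_if)
nat on fxp0 from 10.0.0.0/24 to any -> fxp0
nat on fxp0 from 10.0.1.0/24 to any -> 192.0.2.10'

# Run the check over the sample; only the bare-target rules are reported.
lint_sample() {
    printf '%s\n' "$SAMPLE" | lint_nat
}

lint_sample
```

On a live gateway the same function can be fed the real file, for example `lint_nat < /etc/pf.conf`; rules split across continuation lines are not handled by this check.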