Date: Wed, 18 Oct 2006 11:28:50 -0400
From: Martin Turgeon
To: 'Erik Norgaard'
Cc: freebsd-bugs@freebsd.org, freebsd-questions@freebsd.org, freebsd-pf@freebsd.org
Subject: RE: Routing with external interface doesn't work after a while

The NAT rules are already written that way:

nat on $wan_if tag LAN_WAN_NAT tagged LAN_WAN -> ($wan_if)
nat on $wan_if tag WLS_WAN_NAT tagged WLS_WAN -> ($wan_if)
nat on $wan_if tag AP_WAN_NAT tagged AP_WAN -> ($wan_if)
nat on $wan_if tag VPN_WAN_NAT tagged VPN_WAN -> ($wan_if)

Thanks anyway

Martin

-----Original Message-----
From: Erik Norgaard [mailto:norgaard@locolomo.org]
Sent: 18 October 2006 10:30
To: Martin Turgeon
Cc: freebsd-pf@freebsd.org; freebsd-bugs@freebsd.org; freebsd-questions@freebsd.org
Subject: Re: Routing with external interface doesn't work after a while

Martin Turgeon wrote:
> I've been reading the mailing list for a while, but it's my first post. I'm
> not sure what is causing the problem so I'm posting to multiple lists. I'm
> running FreeBSD 6.1 on a Celeron 2.8GHz with 512Mo of RAM. It looks like
> after a while (a couple of weeks) the routing isn't working anymore, but
> only with the external interface (the one connected to my cable modem from
> Videotron in Montreal). The box is acting as the gateway of the network with
> PF, OpenVPN 2.0.5-1 and ISC-DHCPd 3.0.3-1 running. The problem also occurred
> on FreeBSD 6.0 on another box.

Is your external ip configured with dhcp? I would guess this is because
your ip on the external interface changes. Your NAT rules will still go
to the old ip and hence nowhere. If reloading your pf ruleset solves the
problem, then this is a strong indication.

There is some trick to handle that, IIRC something like this would do:

ext_if=fxp0 # external interface
nat on $ext_if from to ! -> ($ext_if)

The () means that pf will look up the ip on that interface, and update
dynamically when the ip changes.

Well, that's how I remember it, I couldn't find where I've seen it, but
there is a trick like this.

Cheers, Erik

--
Ph: +34.666334818 web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
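
An added example, not part of either message in this thread: a small lint that confirms every nat rule in a pf.conf uses the parenthesised ($if) form discussed above, so the translation address follows a DHCP-assigned interface. The function names, the sample ruleset and its addresses are constructed for illustration; macros are not expanded, so a macro holding a literal address is still flagged for review.

```sh
#!/bin/sh
# check_nat_targets FILE
# Prints "LINENO: rule" for every nat rule whose translation target is a bare
# interface name, macro or hostname (all resolved once, when the ruleset is
# loaded). Returns 1 if any such rule exists, 0 otherwise.
check_nat_targets() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        /^[ \t]*nat[ \t]/ && /->/ {
            target = $0
            sub(/^.*->[ \t]*/, "", target)       # keep the text after "->"
            sub(/[ \t].*$/, "", target)          # first word of the target
            if (target ~ /^[(<{]/) next          # (if), table or list
            if (target ~ /^[0-9]+\.[0-9.]+(\/[0-9]+)?$/) next   # IPv4 literal
            if (target ~ /:/) next               # IPv6 literal
            printf "%d: %s\n", NR, $0
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample ruleset: line 3 is dynamic, lines 4 and 5 are static
# references to the interface, line 6 is a fixed documentation address.
sample_pf_conf() {
    cat <<'EOF'
wan_if = "fxp0"
# outbound NAT
nat on $wan_if tag LAN_WAN_NAT tagged LAN_WAN -> ($wan_if)
nat on $wan_if from 192.168.1.0/24 to any -> $wan_if
nat on $wan_if from 192.168.2.0/24 to any -> fxp0
nat on $wan_if from 192.168.3.0/24 to any -> 203.0.113.7
EOF
}

# Demo on the sample; on a real gateway pass /etc/pf.conf instead.
tmp=$(mktemp) && sample_pf_conf > "$tmp"
check_nat_targets "$tmp" || echo "nat rules with load-time targets found"
rm -f "$tmp"
```

A ruleset that passes this check, as the four rules quoted in the reply would, rules out the static-address explanation and points the investigation elsewhere.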