From owner-freebsd-pf@FreeBSD.ORG Mon Nov 8 15:21:42 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 99B9916A4CE for ; Mon, 8 Nov 2004 15:21:42 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.185]) by mx1.FreeBSD.org (Postfix) with ESMTP id E138143D39 for ; Mon, 8 Nov 2004 15:21:41 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.179] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1CRBKu-0000QZ-00; Mon, 08 Nov 2004 16:21:40 +0100 Received: from [217.227.150.133] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1CRBKt-0005wh-00; Mon, 08 Nov 2004 16:21:39 +0100 From: Max Laier To: freebsd-pf@freebsd.org Date: Mon, 8 Nov 2004 16:21:39 +0100 User-Agent: KMail/1.7 References: <20041108143059.GA54873@dorbja.pinco.pl> In-Reply-To: <20041108143059.GA54873@dorbja.pinco.pl> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2090757.JIVDIWOjU2"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200411081621.46313.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 Subject: Re: pf multipath nat X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Nov 2004 15:21:42 -0000 --nextPart2090757.JIVDIWOjU2 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 08 November 2004 15:30, =A3ukasz Dudek wrote: > i've tried to configure multipath nat using RELENG_5 box > (when it was current and now when it became stable) > > this are simplified rules schema i've been using Please send the *complete* ruleset you are useing. > nat on $ext_if1 from $int_subnet to any -> ($ext_if1) > nat on $ext_if2 from $int_subnet to any -> ($ext_if2) > > # > ## routing for internal subnets > > pass in on $int_if \ > route-to { ( $ext_if1 $gateway1), ( $ext_if2 $gateway2 ) } > round-robin \ from $int_subnet to any keep state > > > ## need the next rules to properly pass traffic to/from the external IPs > > pass out on $ext_if2 route-to ($ext_if1 $gateway1) from $ext_if1 to any > pass out on $ext_if1 route-to ($ext_if2 $gateway2) from $ext_if2 to any > > every time i've loaded this rules machine hangs hard in 30 to 300 > seconds leaving nothing on special information on console or in logs > > i've been manipulating debug.mpsafenet without any change Are you *sure* that you had debug.mpsafenet=3D0 in the end? You know that i= t is=20 only changeable during the loader and *not* in the live system? > i've compiled in remote console via serial cable support > i've also compiled in required debugging options. > > and it shows nothing but i've been able to send break. > and probably manualy send doadump (i didnt try) > > then i've setup an openbsd 3.5 generic install on another disk > and just copied my pf.conf to started the machine and everything > was working fine for few hours. > > so i'm curios what should i look for to make it working on freebsd, or > meaby something is wrong whith my configuration or freebsd. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2090757.JIVDIWOjU2 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBj48KXyyEoT62BG0RAoSXAJ9omDbeATe1LuVzX5ksND5UaZ/SxQCfb6yr cdbnzROSDdH91bECq70FEw4= =tZlC -----END PGP SIGNATURE----- --nextPart2090757.JIVDIWOjU2--