Date: Fri, 22 Oct 2004 14:58:28 +0900 From: Pyun YongHyeon <yongari@kt-is.co.kr> To: Matteo Riondato <rionda@gufi.org> Cc: freebsd-pf@freebsd.org Subject: Re: Is PF nat broken? Message-ID: <20041022055828.GB30294@kt-is.co.kr> In-Reply-To: <1098392019.909.22.camel@kaiser.sig11.org> References: <1098392019.909.22.camel@kaiser.sig11.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 21, 2004 at 10:53:39PM +0200, Matteo Riondato wrote: > Thu, 2004-10-21 18:38 CEST, Max Laier wrote: > > Matteo Riondato wrote: > > > Please note that I'm using pf.ko, not in-kernel support. > > > There isn't a "nat enable yes" line in /etc/ppp/ppp.conf > > > Any help will be appreciated. > > > > Well, could you try to tell us what exactly the problem is? I don't see any > > mentioning of the actual problem. > > Ouch, sorry, I forgot to mention it.. :) > Well, the fact is that nat does not work. I mean: packets arrive from > the lan to the internal interface (wifi_if = "rl0") and it seems that > they are forward to remote hosts, but when they come back, they are not > forward back to lan hosts. > > Here you found the output of "pfctl -vrs": > http://www.riondabsd.net/pfctl-vsr.output > You many need "pfctl -vvsn" to check NAT and "pfctl -vss" to check created states. > The output of "tcpdump -i rl0 port 110" > http://www.riondabsd.net/tcpdump.rl0 > > The output of "tcpdump -i tun0 port 110" > http://www.riondabsd.net/tcpdump.tun0 > > (the two tcpdump were taken at the same time) > I guess additional "-nvvv" options is preferable since it conveies more information than that of plain tcpdump command. > Here my /etc/pf.conf > http://www.riondabsd.net/pf.conf > Remove block rule or add log keyword and check whether your NAT rule really works. > Hope this helps. > Thank you in advance for any hint. PS: Your mail server rejects my mail. -- Regards, Pyun YongHyeon http://www.kr.freebsd.org/~yongari | yongari@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041022055828.GB30294>