Date:      Fri, 22 Oct 2004 14:58:28 +0900
From:      Pyun YongHyeon <yongari@kt-is.co.kr>
To:        Matteo Riondato <rionda@gufi.org>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Is PF nat broken?
Message-ID:  <20041022055828.GB30294@kt-is.co.kr>
In-Reply-To: <1098392019.909.22.camel@kaiser.sig11.org>
References:  <1098392019.909.22.camel@kaiser.sig11.org>

On Thu, Oct 21, 2004 at 10:53:39PM +0200, Matteo Riondato wrote:
 > Thu, 2004-10-21  18:38 CEST, Max Laier wrote:
 > > Matteo Riondato wrote:
 > > > Please note that I'm using pf.ko, not in-kernel support.
 > > > There isn't a "nat enable yes" line in /etc/ppp/ppp.conf
 > > > Any help will be appreciated.
 > > 
 > > Well, could you try to tell us what exactly the problem is? I don't see any 
 > > mentioning of the actual problem.
 > 
 > Ouch, sorry, I forgot to mention it.. :)
 > Well, the fact is that nat does not work. I mean: packets arrive from
 > the lan to the internal interface (wifi_if = "rl0") and it seems that
 > they are forwarded to remote hosts, but when they come back, they are not
 > forwarded back to lan hosts.
 > 
 > Here you can find the output of "pfctl -vrs":
 > http://www.riondabsd.net/pfctl-vsr.output
 > 

You may need "pfctl -vvsn" to check NAT and "pfctl -vss"
to check created states.

 > The output of "tcpdump -i rl0 port 110"
 > http://www.riondabsd.net/tcpdump.rl0
 > 
 > The output of "tcpdump -i tun0 port 110" 
 > http://www.riondabsd.net/tcpdump.tun0
 > 
 > (the two tcpdump were taken at the same time)
 > 

I guess the additional "-nvvv" options are preferable since they
convey more information than the plain tcpdump command.

 > Here is my /etc/pf.conf
 > http://www.riondabsd.net/pf.conf
 > 

Remove the block rule or add the log keyword and check whether your
NAT rule really works.

 > Hope this helps. 
 > Thank you in advance for any hint.

PS: Your mail server rejects my mail.
-- 
Regards,
Pyun YongHyeon
http://www.kr.freebsd.org/~yongari	|	yongari@freebsd.org


