Date: Thu, 16 Sep 2004 03:39:28 -0000 From: "Ziad Afra" <ziad.afra@refraction.co.uk> To: <pf4freebsd@freelists.org> Subject: [pf4freebsd] Re: Version 1.52 Message-ID: <000701c32a18$6db7a740$050410ac@scum> In-Reply-To: <40481.141.3.10.100.1054637166.squirrel@webmail.vampire.homelinux.org>
All, I still can't get NAT to work correctly on my setup. It's quite frustrating I must say.. My configuration is as follows:-

FreeBSD XXX.XXX.XXX 5.0-RELEASE FreeBSD 5.0-RELEASE #6: Wed May 14 00:30:11 BST 2003 root@XXX.XXX.XXX:/usr/obj/usr/src/sys/FREE i386

===[root] ~ # sysctl -a|grep -i forw
kern.smp.forward_signal_enabled: 1
kern.smp.forward_roundrobin_enabled: 1
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 1
net.inet6.ip6.forwarding: 0

===[root] /boot/kernel # pwd
/boot/kernel
###
###
###of concern###
-r-xr-xr-x 1 root wheel 124916 May 14 01:46 pf.ko
-r-xr-xr-x 1 root wheel 6844 May 14 01:46 pflog.ko
-r-xr-xr-x 1 root wheel 8442 May 14 01:46 pfsync.ko

===[root] /boot/kernel # pfctl -sa
scrub in all fragment reassemble
pass quick on lo0 all
nat on fxp0 inet from 172.16.4.1 to any -> 172.16.4.11
pfctl: DIOCGETALTQS: Operation not supported by device
Status: Enabled for 1 days 20:58:49 Debug: None
State Table Total Rate
current entries 0
searches 0 0.0/s
inserts 0 0.0/s
removals 0 0.0/s
Counters
match 0 0.0/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
states hard limit 10000
frags hard limit 5000

===[root] /usr/local/etc # cat pf.conf
# macros
ext_if = "fxp0"
int_if = "fxp1"
int_lan = "172.16.5.255"

# scrub
scrub in all

# nat/rdr
nat on $ext_if from 172.16.5.1 to any -> 172.16.4.11

As you can see here I have set an explicit rule for 1 internal IP to be used and still no difference. This test firewall is already behind an existing implementation of OpenBSD using PF which I know works.
So what looks to be happening is that NAT is not correctly working as per the tcpdump (fxp0 is my external interface to the ubernet):-

===[root] /usr/local/etc # tcpdump -i fxp0 host 172.16.5.1
tcpdump: listening on fxp0
22:31:58.614125 172.16.5.1.3743 > ns.cableinet.net.domain: 7+[|domain]
22:32:00.606079 172.16.5.1.3744 > ns.cableinet.net.domain: 8+ A? www.hotmail.com. (33)

Why is 172.16.5.1 sending domain requests on the external interface when it should be 172.16.4.11? NAT looks to be borked with regards to my implementation. Perhaps I have done something wrong? Comments please! I could really do with some help here...

Regards
Ziad

-----Original Message-----
From: pf4freebsd-bounce@freelists.org [mailto:pf4freebsd-bounce@freelists.org] On Behalf Of Max Laier
Sent: 03 June 2003 11:46
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Version 1.52

Hello,

just uploaded version 1.52 (http://pf4freebsd.love2party.net/pf_freebsd_1.52.tar.gz)

Pyun found some missing initialisations for new structures and fixed a long standing problem with the "WITH_RANDOM_ID=yes" option (which now has an effect again). Please update to the new version.

I didn't receive any feedback (neither good nor bad) about the new version. Is someone actually running it on her/his box? I have it on my gateway and didn't see anything bad yet, but I am really curious about your experience. So, if you gave it a try, please let me know.

Thanks
Max
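Two things in the quoted session are worth checking before touching the NAT rule itself: the ruleset `pfctl -sa` reports (`nat on fxp0 inet from 172.16.4.1 ...`) is not the rule in pf.conf (`from 172.16.5.1`), and every state and counter figure is 0 after almost two days of "Enabled", which means pf has not processed a single packet. The script below is an added example (not from this thread or the pf4freebsd project) that turns those two checks into a repeatable diagnostic. The sample outputs are constructed from the figures quoted in the message; the function names (`pf_total_counter`, `nat_source_in_conf`, `nat_source_loaded`, `pf_nat_diagnosis`) are this example's own. On a real box you would feed it the output of `pfctl -s info`, the pf.conf file and `pfctl -s nat`, which are standard pfctl invocations.

```shell
#!/bin/sh
# Added example, not part of the thread: sanity checks for a pf gateway whose
# NAT "does nothing". Every sample below is CONSTRUCTED from the numbers
# quoted in the e-mail so the script runs offline.

# Constructed stand-in for `pfctl -s info` (same figures as the message).
SAMPLE_INFO='Status: Enabled for 1 days 20:58:49          Debug: None
State Table                          Total             Rate
  current entries                        0
  searches                               0            0.0/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                                  0            0.0/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s'

# Constructed stand-in for /usr/local/etc/pf.conf as quoted in the message.
SAMPLE_CONF='# macros
ext_if = "fxp0"
int_if = "fxp1"
int_lan = "172.16.5.255"
# scrub
scrub in all
# nat/rdr
nat on $ext_if from 172.16.5.1 to any -> 172.16.4.11'

# Constructed stand-in for `pfctl -s nat` (the nat line from `pfctl -sa`).
SAMPLE_LOADED='nat on fxp0 inet from 172.16.4.1 to any -> 172.16.4.11'

# Sum of the "Total" column for the state-table and packet counters.
# Zero after days of uptime means traffic is bypassing pf entirely (module
# not hooked into the stack, wrong interface), not a NAT rule problem.
pf_total_counter() {
    printf '%s\n' "$1" | awk '
        /^ *(searches|inserts|removals|match|bad-offset|fragment|short|normalize|memory) / { total += $2 }
        END { print total + 0 }'
}

# Source address of the first nat rule in a pf.conf, after expanding simple
# name = "value" macros such as $ext_if.
nat_source_in_conf() {
    printf '%s\n' "$1" | awk '
        /^[A-Za-z_][A-Za-z0-9_]* *= *"/ {
            name = $0; sub(/ *=.*$/, "", name)
            val = $0; sub(/^[^"]*"/, "", val); sub(/".*$/, "", val)
            macro[name] = val; next
        }
        /^nat / {
            for (i = 1; i <= NF; i++) {
                if (substr($i, 1, 1) == "$" && (substr($i, 2) in macro)) $i = macro[substr($i, 2)]
                if ($i == "from") { print $(i + 1); exit }
            }
        }'
}

# Source address of the first nat rule the kernel actually holds.
nat_source_loaded() {
    printf '%s\n' "$1" | awk '/^nat / { for (i = 1; i <= NF; i++) if ($i == "from") { print $(i + 1); exit } }'
}

# Verdict line: "no-traffic", "stale-ruleset" or "ok". Exit status 1/2/0.
pf_nat_diagnosis() {
    if [ "$(pf_total_counter "$1")" -eq 0 ]; then
        echo "no-traffic: every pf counter is zero, packets are not reaching pf"
        return 1
    fi
    conf_src=$(nat_source_in_conf "$2")
    loaded_src=$(nat_source_loaded "$3")
    if [ "$conf_src" != "$loaded_src" ]; then
        echo "stale-ruleset: pf.conf says from $conf_src, kernel has from $loaded_src; reload with pfctl -f pf.conf"
        return 2
    fi
    echo "ok: nat rule from $loaded_src is loaded and pf is processing packets"
    return 0
}

# Stand-alone run against the constructed samples (prints "no-traffic: ...").
pf_nat_diagnosis "$SAMPLE_INFO" "$SAMPLE_CONF" "$SAMPLE_LOADED" || echo "exit status $? (non-zero = something to fix)"
```

The check order matters: a stale ruleset is only worth chasing once pf is demonstrably in the packet path, so the counter test comes first. On a live host the same functions take `pfctl -s info`, `cat /usr/local/etc/pf.conf` and `pfctl -s nat` in place of the three constants.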
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000701c32a18$6db7a740$050410ac>