Date: Mon, 17 Jan 2005 23:27:03 +0100
From: Max Laier <max@love2party.net>
To: freebsd-net@freebsd.org
Subject: Re: pf & clonable devices
Message-ID: <200501172327.13677.max@love2party.net>
In-Reply-To: <86k6qcynus.fsf@srvbsdnanssv.interne.kisoft-services.com>
References: <86k6qcynus.fsf@srvbsdnanssv.interne.kisoft-services.com>
On Monday 17 January 2005 18:19, Eric Masson wrote:
> Hi,
>
> uname -a :
> FreeBSD srvbsdnanssv.interne.kisoft-services.com 5.3-STABLE FreeBSD
> 5.3-STABLE #0: Tue Jan 11 11:44:56 CET 2005
> emss@srvbsdnanssv.interne.kisoft-services.com:/vol0/build/usr/src/sys/K6II
> i386
>
> kldstat :
> Id Refs Address    Size     Name
>  1   19 0xc0400000 2f6a20   kernel
>  2    1 0xc06f7000 14f08    if_ppp.ko
>  3    1 0xc070c000 9a88     if_xl.ko
>  4    2 0xc0716000 18a44    miibus.ko
>  5    1 0xc072f000 39ac     ulpt.ko
>  6    9 0xc0733000 1357c    agp.ko
>  7    1 0xc13fa000 1e000    nfsserver.ko
>  8    1 0xc1429000 28000    pf.ko
>
> I'm back at the moment to an isdn line for internet connection, and I'm
> using pppd (kernel ppp) and an isdn TA.
>
> I'm using Alain Thivillon's SSLTunnel for connection to the main office
> (kernel ppp tunnel encapsulated in a SSL session)
>
> pppX interfaces are created on demand as pppd is started.
>
> So I end with a setup like this one :
> ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
>         inet 213.36.152.19 --> 212.129.4.14 netmask 0xffffff00
> ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>         inet 192.168.0.70 --> 192.168.0.15 netmask 0xffffff00
>
> kernel ppp doesn't seem to reuse existing pppX devices, it creates new
> ones as needed. PF rules are defined for fixed network devices, so I
> destroy pppX interfaces on ppp shutdown and let pppd recreate them as
> needed.
>
> In this case, I need to refresh PF by issuing :
> pfctl -F all -f /etc/pf.conf
> to get traffic passing thru newly recreated ppp0/1 interfaces.
>
> Is this a feature or a bug ?

Just guessing, but I assume you forgot to use round brackets around your NAT
and from/to addresses. It should look like the following:

nat on ppp0 from $lan -> (ppp0)
nat on ppp1 from $lan -> (ppp1)
pass out on ppp0 from (ppp0) to any ...
pass out on ppp1 from (ppp1) to any ...
pass in on ppp0 from any to (ppp0) ...

If you have it this way, you should send more details about your ruleset,
maybe to the freebsd-pf mailing list.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
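The difference Max is pointing at is load-time versus run-time address resolution. Written bare, an interface name in an address position (`nat ... -> ppp0`, `from ppp0`) is expanded by pfctl when the ruleset is loaded, into whatever address the interface had at that moment; when pppd tears ppp0 down and brings it back with a new address, the loaded rules still carry the old one and nothing matches until the ruleset is reloaded. Wrapped in parentheses, `(ppp0)` is kept as a dynamic reference and pf re-resolves it whenever the interface's address changes. The following pf.conf fragment is an added example, not part of the thread or of Eric's or Max's configuration; it shows the static form beside the dynamic one using the ppp0/ppp1 names from the quoted ifconfig output. The `$lan` prefix and the ssh-only inbound rule are assumptions made for illustration.

```pf
# Added example, not from the thread. Macros and the LAN prefix are assumed.
ext_if = "ppp0"            # on-demand ISDN link, address changes per dial-up
tun_if = "ppp1"            # on-demand SSLTunnel link to the main office
lan    = "192.168.0.0/24"  # assumed LAN prefix behind this box

# Static form (what leads to the "reload after every reconnect" symptom):
# pfctl expands ppp0 to its address at load time, e.g. 213.36.152.19, and
# that literal address stays in the loaded rule after the interface is
# destroyed and re-created with a different one.
#
#   nat on $ext_if from $lan to any -> $ext_if
#   pass out on $ext_if from $ext_if to any keep state

# Dynamic form: the parentheses keep the interface reference in the loaded
# rule, so pf looks up the current address at evaluation time and the
# ruleset does not need to be reloaded when pppd re-creates the interface.
nat on $ext_if from $lan to any -> ($ext_if)
nat on $tun_if from $lan to any -> ($tun_if)

pass out on $ext_if from ($ext_if) to any keep state
pass out on $tun_if from ($tun_if) to any keep state

# Inbound on the public link: only what is meant to be reachable. The
# ssh-only restriction is an assumption for the example; Max's reply leaves
# this part as "...".
block in on $ext_if all
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state
```

To confirm which form is actually loaded, run `pfctl -sn` and `pfctl -sr` after `pfctl -f /etc/pf.conf`: with the dynamic form the printed rules still show `(ppp0)`, with the static form they show the literal address that was current at load time. Note also that `pfctl -F all` flushes the state table along with the rules, so every established connection is dropped on each refresh; `pfctl -f /etc/pf.conf` alone replaces the ruleset and keeps existing state.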