From: Max Laier
To: freebsd-net@freebsd.org
Date: Mon, 17 Jan 2005 23:27:03 +0100
Subject: Re: pf & clonable devices

On Monday 17 January 2005 18:19, Eric Masson wrote:
> Hi,
>
> uname -a :
> FreeBSD srvbsdnanssv.interne.kisoft-services.com 5.3-STABLE FreeBSD
> 5.3-STABLE #0: Tue Jan 11 11:44:56 CET 2005
> emss@srvbsdnanssv.interne.kisoft-services.com:/vol0/build/usr/src/sys/K6II
> i386
>
> kldstat :
> Id Refs Address    Size   Name
>  1   19 0xc0400000 2f6a20 kernel
>  2    1 0xc06f7000 14f08  if_ppp.ko
>  3    1 0xc070c000 9a88   if_xl.ko
>  4    2 0xc0716000 18a44  miibus.ko
>  5    1 0xc072f000 39ac   ulpt.ko
>  6    9 0xc0733000 1357c  agp.ko
>  7    1 0xc13fa000 1e000  nfsserver.ko
>  8    1 0xc1429000 28000  pf.ko
>
> I'm back at the moment to an isdn line for internet connection, and I'm
> using pppd (kernel ppp) and an isdn TA.
>
> I'm using Alain Thivillon's SSLTunnel for connection to the main office
> (kernel ppp tunnel encapsulated in a SSL session)
>
> pppX interfaces are created on demand as pppd is started.
>
> So I end with a setup like this one :
> ppp0: flags=8051 mtu 1524
>         inet 213.36.152.19 --> 212.129.4.14 netmask 0xffffff00
> ppp1: flags=8051 mtu 1500
>         inet 192.168.0.70 --> 192.168.0.15 netmask 0xffffff00
>
> kernel ppp doesn't seem to reuse existing pppX devices, it creates new
> ones as needed. PF rules are defined for fixed network devices, so I
> destroy pppX interfaces on ppp shutdown and let pppd recreate them as
> needed.
>
> In this case, I need to refresh PF by issuing :
> pfctl -F all -f /etc/pf.conf
> to get traffic passing thru newly recreated ppp0/1 interfaces.
>
> Is this a feature or a bug ?

Just guessing, but I assume you forgot to use round brackets around your NAT
and from/to addresses. It should look like the following:

  nat on ppp0 from $lan -> (ppp0)
  nat on ppp1 from $lan -> (ppp1)
  pass out on ppp0 from (ppp0) to any ...
  pass out on ppp1 from (ppp1) to any ...
  pass in on ppp0 from any to (ppp0) ...

If you have it this way, you should send more details about your ruleset,
maybe to the freebsd-pf mailing list.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
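
Added example, not part of the original message or of pf: pf resolves a bare interface name used as an address when the ruleset is loaded, while the parenthesised form is updated when the interface changes its address, so this sketch scans a ruleset for bare dynamic-interface names after `from`, `to` or `->`. The function name, the ppp/tun/ng naming pattern and the sample ruleset are assumptions made for the illustration.

```python
import re

# Assumption: ppp/tun/ng interfaces are the ones (re)created at runtime.
DYNAMIC_IF = re.compile(r"(ppp|tun|ng)\d+")
MACRO_DEF = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#]*)')
TOKEN = re.compile(r"->|[(){},!]|[^\s(){},!]+")

def find_static_iface_addrs(pf_conf):
    """List (line_no, iface, keyword) for bare dynamic interfaces after from/to/->."""
    macros, findings = {}, []
    for line_no, raw in enumerate(pf_conf.splitlines(), 1):
        macro = MACRO_DEF.match(raw)
        if macro:
            macros[macro.group(1)] = macro.group(2).strip()
            continue
        line = raw.split("#", 1)[0]  # drop trailing comment
        line = re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), line)
        keyword, in_paren, in_list = None, False, False
        for tok in TOKEN.findall(line):
            if tok in ("from", "to", "->"):
                keyword, in_paren, in_list = tok, False, False
            elif keyword is None or tok in ("!", ","):
                continue
            elif tok == "(":
                in_paren = True
            elif tok == ")":
                in_paren = False
                keyword = keyword if in_list else None
            elif tok == "{":
                in_list = True
            elif tok == "}":
                keyword = None
            else:
                name = tok.split(":", 1)[0]  # strip :network, :0, ...
                if not in_paren and DYNAMIC_IF.fullmatch(name):
                    findings.append((line_no, name, keyword))
                if not (in_paren or in_list):
                    keyword = None
    return findings

# Constructed sample ruleset for the illustration; $lan is left undefined.
SAMPLE = """\
ext_if = "ppp0"
nat on $ext_if from $lan -> $ext_if
nat on ppp1 from $lan -> (ppp1)
pass out on ppp0 from (ppp0) to any
pass in on ppp1 from any to { ppp1, 10.0.0.1 }
"""
print(find_static_iface_addrs(SAMPLE))
```

Each finding is a place where the address would be fixed at load time; interface names after `on` are deliberately not reported.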