Max Laier napsal(a): > On Monday 10 September 2007, Michal Mertl wrote: > >> Hello, >> >> I have recently upgraded 6.2-STABLE based router to -CURRENT kernel and >> I found out the following in /etc/pf.conf does not work anymore: >> >> ext_if="sis0" >> nat on $ext_if from ! ($ext_if) to any -> ($ext_if) >> >> It works again when I change it to: >> >> nat on $ext_if from any to any -> ($ext_if) >> > > Can you show me "ifconfig sis0" and "pfctl -vvvsn" for either rule? It > might be a problem with picking up aliases correctly. You could also try > to limit the nat rule by specifying "inet". A tcpdump on sis0 might also > be helpful to figure out what's going on, as could be "pfctl -xm" to > enable extended debugging on the console. This should print which > address is chosen for any translation. Finally you might want to look at > the rule counters and the state table after trying a couple of > connections I am sorry, I can't reproduce the problem myself anymore :-(. I do not understand how could it have happened - it seemed clear to me before - first version -> no NAT vs. second version -> NAT. I am pretty sure I repeated the test several times. And of course NAT did not work as otherwise I would not be trying to change the ruleset. There is only one IP address on the sis0 interface and it is being assigned by DHCP. If I have problems again I will try to better diagnose the situation. MichalReceived on Mon Sep 10 2007 - 17:28:31 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:17 UTC