Re: PF rules not loading

From: Henrik Hudson <lists_at_rhavenn.net>
Date: Fri, 4 Sep 2009 12:52:20 -0800
On Fri, 04 Sep 2009, Henrik Hudson wrote:

> On Fri, 04 Sep 2009, Collin Kreklow wrote:
> 
> > On Fri, Sep 04, 2009 at 08:59:30AM -0800, Henrik Hudson wrote:
> > > Hey List,
> > > 
> > > I just finished supping to 8-BETA3 and after a reboot I noticed
> > > that my PF rules weren't loading and hence NAT wasn't working for
> > > internal clients, not to mention no firewall :)
> > > 
> > > This might not be specific to BETA3, but it's the first time I
> > > noticed it concretely. I did have a power outage last week where
> > > after a poweron I had to run pfctl -f /etc/pf.conf to get NAT working
> > > again. This was under BETA2.
> > 
> > At the time when the pf script runs during boot, all the network
> > interfaces may not be fully configured.  It is likely that your pf.conf
> > includes rules that pf can't calculate because one or more network
> > interfaces are not yet configured.  I had to change my pf.conf to
> > hard-code the IP ranges instead of using :network to get my rules to
> > load on boot.  Also make sure your script is using (xl0) where
> > appropriate.
> 
> It's possible. However, I'm pretty sure the ruleset worked correctly
> on the initial install and it's a ruleset I've used on plenty of
> different gateway servers with a similar hardware setup.
> 
> However, I did just finish building another 8-BETA3 x64 box and it
> works fine, so maybe something fluky is going on with the server
> crash due to the power outage. 
> 
> I will investigate further. Thanks.

*ding* *ding* we have a winner. I had added a rule which required a
DNS lookup for port forwarding in torrent traffic to an internal
host.

Thanks.

Henrik
-- 
Henrik Hudson
lists_at_rhavenn.net
-----------------------------------------
"God, root, what is difference?" Pitr; UF 
Received on Fri Sep 04 2009 - 18:52:22 UTC
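The failure both posters describe has a common root: an address that pf can only work out once the network is up (an interface's :network range, a bare interface name used as an address, or a hostname that needs DNS) makes pfctl reject the whole file during boot, so the box comes up with neither NAT nor a firewall. Running `pfctl -nf /etc/pf.conf` on the booted system does not reproduce this, because by then the interfaces and the resolver work. The Python script below is an added example, not code from this thread or from FreeBSD, that statically lints a pf.conf for such addresses; the sample ruleset, the macro names and the host torrentbox.lan are constructed for illustration.

```python
#!/usr/bin/env python3
"""Lint a pf.conf for addresses that pf can only evaluate once the network
is up (added example; the sample ruleset below is constructed)."""
import ipaddress
import re
import sys

# Constructed sample, not the poster's real ruleset. It carries the three
# patterns from the thread: a :network modifier, a bare interface name used
# as an address, and a hostname (torrentbox.lan, assumed) that needs DNS.
SAMPLE_PF_CONF = """\
ext_if = "xl0"
int_if = "fxp0"
table <private> { 10.0.0.0/8, 192.168.0.0/16 }
# NAT for the LAN: $int_if:network is computed when the ruleset loads
nat on $ext_if from $int_if:network to any -> ($ext_if)
# port forward to a torrent box by name: the resolver must work at load time
rdr on $ext_if proto tcp from any to $ext_if port 6881 -> torrentbox.lan port 6881
pass in on $ext_if proto tcp from any to 192.168.1.10 port 22
pass out on $ext_if from { $ext_if, <private> } to any
"""

ADDRESS_KEYWORDS = {"any", "self", "no-route", "urpf-failed"}
# Interface name with an optional modifier, e.g. xl0 or fxp0:network.
# Heuristic only: a hostname such as "host1" would also match.
IFACE_RE = re.compile(r"^[a-z]+[0-9]+(:(network|broadcast|peer|0))?$")
MACRO_RE = re.compile(r'^(\w+)\s*=\s*"?([^"]*?)"?$')


def _is_ip(token):
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False


def classify(token, macros):
    """Return None if pf can evaluate the address with no interface or
    resolver available, else a short reason it depends on the network."""
    if token.startswith("$"):              # expand $macro or $macro:modifier
        name, _, mod = token[1:].partition(":")
        token = macros.get(name, name) + (":" + mod if mod else "")
    if token in ADDRESS_KEYWORDS or token.startswith(("<", "(")):
        return None                        # keyword, table, or (if) form
    if _is_ip(token):
        return None                        # literal address or CIDR range
    if IFACE_RE.match(token):
        return "interface address resolved at load time; use (%s) or a literal range" % token
    return "hostname resolved via DNS at load time; use a literal address"


def lint(conf):
    """Return (line_no, token, reason) for every address in a pf.conf text
    that cannot be evaluated before the network is configured."""
    macros, findings = {}, []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("table"):
            continue
        m = MACRO_RE.match(line)
        if m:                              # remember macro for later expansion
            macros[m.group(1)] = m.group(2)
            continue
        tokens = line.replace("{", " { ").replace("}", " } ").split()
        i = 0
        while i < len(tokens):
            if tokens[i] in ("from", "to", "->"):   # next token(s) are addresses
                i += 1
                if i < len(tokens) and tokens[i] == "{":
                    end = tokens.index("}", i)
                    addrs, i = tokens[i + 1:end], end
                else:
                    addrs = tokens[i:i + 1]
                for a in addrs:
                    a = a.strip(",")
                    reason = classify(a, macros)
                    if reason:
                        findings.append((n, a, reason))
            i += 1
    return findings


if __name__ == "__main__":
    # Lint the file given on the command line, or the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PF_CONF
    for n, token, reason in lint(text):
        print("line %d: %s: %s" % (n, token, reason))
```

Against the sample it reports the `$int_if:network` source on the nat rule, the `$ext_if` destination and the `torrentbox.lan` target on the rdr rule, and the `$ext_if` inside the braces on the last rule; the rule that uses `($ext_if)` and the one with a literal address pass. Run it as `python3 pflint.py /etc/pf.conf` before rebooting a gateway, since a single unresolvable name in the file is enough to leave the host with no rules loaded at all.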