On Mon, Nov 09, 2015 at 08:18:32AM -0500, Shawn Webb wrote:
> I'm using iocage for jailing.
>
> It's now looking like pf is back to being broken for me. I've tried every
> combination possible, even hardcoding the values:
>
> nat on wlan0 from {192.168.6.0/24, 192.168.7.0/24} to any -> 129.6.251.181
> pass in
> pass out
>
> I have zero idea why this isn't working. It seems that from the documentation,
> I'm doing everything right. I can see from tcpdump that the packets are
> getting forwarded, but without the src IP address being rewritten to
> 129.6.251.181.
>
> tcpdump output for a single ICMP packet, pinging to 8.8.8.8:
>
> 08:12:30.544462 IP 192.168.7.3 > 8.8.8.8: ICMP echo request, id 28131, seq 0,
> length 64
>
> That src IP should say 129.6.251.181.

I found the problem: it seems that the new Intel Haswell graphics support
(which I've been running with) is at odds somehow with pf NAT. Removing
Haswell graphics support means working pf NAT.

Thanks,

--
Shawn Webb
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE