On Thursday 29 July 2004 22:57, RJ45 wrote:
> hello,
> I configured PF for natting machines on my LAN
> using FreeBSD as ADSL gateway.
>
> I just write a simple rule
> nat on tun0 from 172.16.16.0/24 to any -> (tun0)
                                            ^^^^^^
> but NAT does not work, packets are blocked.
>
> ip forwarding is enabled
>
> using ipfilter works and packets are natted successfully with a simple rule
> the same as before:
>
> map tun0 172.16.16.0/24 -> tun0/32
>
>
> I am using PF on OpenBSD since the first time it was released
> so I am sure it is not a problem of my configuration (After all more
> than very simple)
> using PF on FreeBSD I noticed simply packets are not NATted.

Well they are, but to a wrong address or no address at all, depending on the
state of tun0 upon loading the ruleset.

> I have to say I am using it on sparc64 FreeBSD 5.2.1 on ultra 60.
>
> anyone has some hints ?

Have you applied the dynamic address patches?
 # cd /usr/ports/security/pf && make extract && cd work/pf_freebsd_2.03/patches
 # less README
for details. Unless you did so, the "(ifname)" syntax will not work on 5.2.1R.
As a workaround you can place a
 #pfctl -f <pf.conf>
in your linkup script.

Other than that, you might want to try a recent -current snapshot in order to
build 3.5 pf (the port is still as of 3.4) out of the box. There you have all
the fancy interface handling that comes with 3.5 (including dynamic addresses
of course) and additionally there is ALTQ ;) Patches for hme(4) from Pyun
YongHyeon are on http://people.freebsd.org/~mlaier/ALTQ_driver/ other driver
patches upon request.

sparc64 should not be a problem for pf in general.

> maybe on i386 works who knows ?

Not with the dynamic address syntax, no.

-- 
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News