Hi misc,

my current pf setup works fine, but I face the problem that NAT does not work directly after system boot. Only when I do a

# pfctl -f /etc/pf.conf

after booting are things working correctly. Note: I don't make any changes to pf.conf. Does anybody have any idea?

General setup:

Hardware: PCengines APU2c4
2x vlan(4): vlan32 (private), vlan64 (wifi-guests)
2x pppoe(4): ADSL uplink

Thanks!

Here is the pf.conf:

table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
    172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
    192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
    203.0.113.0/24 }

set block-policy drop
set skip on lo0

match in all scrub (no-df random-id max-mss 1440)

match out on pppoe0 from vlan:network nat-to (pppoe0)
match out on pppoe1 from vlan:network nat-to (pppoe1)

block in quick on pppoe from <martians> to any
block return out quick on pppoe from any to <martians>

block all

pass out quick inet
pass out on vlan to vlan:network

pass in quick on vlan from vlan:network to vlan
pass in on vlan route-to {(pppoe0 pppoe0:network), (pppoe1 pppoe1:network)} least-states sticky-address
pass in on vlan proto tcp to port https route-to {(pppoe0 pppoe0:network), (pppoe1 pppoe1:network)} source-hash

block return in on vlan from vlan64:network to vlan32:network
block return in on vlan inet proto tcp from any to any port 25

pass in on egress inet proto icmp all
pass in on egress inet proto tcp from any to (egress) port ssh