On Wed, Jun 20, 2007 at 11:40:36AM +0200, Henning Brauer wrote:
> * Albert Chin <[EMAIL PROTECTED]> [2007-06-20 11:24]:
> > On Wed, Jun 20, 2007 at 10:47:43AM +0200, Henning Brauer wrote:
> > > * Brian A. Seklecki <[EMAIL PROTECTED]> [2007-06-20 07:39]:
> > > > Very bizarre. The only advice I can offer is that maybe it's getting
> > > > confused on "-> $nat_if" instead of the more-pragmatic "-> ($nat-if)".
> > > >
> > > > Perhaps the parse code is trying too hard to resolve $nat_if in the
> > > > former, and thus finding the underlying interface instead of the logical
> > > > upper layer vlan interface?
> > >
> > > no way.
> > >
> > > to the original poster, please show:
> > > 1) ifconfig -A
> >
> > vlan109: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> >         lladdr 00:0e:0c:b2:e3:e3
> >         vlan: 109 priority: 0 parent interface: fxp1
> >         groups: vlan egress
> >         inet6 fe80::20e:cff:feb2:e3e3%vlan109 prefixlen 64 scopeid 0x10
> >         inet 192.168.13.1 netmask 0xfffffff8 broadcast 192.168.13.7
>
> strange, on all my boxes there is at least lo0 and enc0, something in
> your kernel is broken. and fxp* disappeared too.

Sorry, I only posted the ifconfig of the vlan interface, not the full
ifconfig output.

> > > 2) pf.conf
> > > 3) pfctl -nvf /etc/pf.conf
> > >
> > > specifically, compare the nat rule(s) in 2) and 3). you should see
> > > $nat_if replaced by an IP address. of course do NOT use ($nat_if) for
> > > that
> >
> > Ahh.
> >
> > #3 shows the following:
> >   nat pass log on vlan109 inet6 from <tww_nets> to any -> fe80::20e:cff:feb2:e3e3
> > when #2 looks like:
> >   nat pass log on $nat_if from <tww_nets> to any -> $nat_if
>
> so pf cannot figure out the address family for this rule, and picks v6
> while you want v4.
> so just specify v4 explicitly:
> nat pass log on $nat_if inet from <tww_nets> to any -> $nat_if

Indeed, thanks.

-- 
albert chin ([EMAIL PROTECTED])
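
The comparison suggested in the thread (expanded rules from "pfctl -nvf" against what pf.conf intended) can be automated. The following is an added example, not part of the original thread and not OpenBSD code: it scans expanded nat rules and reports any whose translation address is of the wrong family or is link-local. The function names are hypothetical, the first sample line is the rule quoted above, and the second sample line is constructed.

```python
import ipaddress

# First line: expanded rule quoted in the thread. Second line: constructed
# sample of the same rule once "inet" is specified.
SAMPLE = """\
nat pass log on vlan109 inet6 from <tww_nets> to any -> fe80::20e:cff:feb2:e3e3
nat pass log on vlan109 inet from <tww_nets> to any -> 192.168.13.1
"""

def parse_nat_rule(line):
    """Return (interface, translation target) for an expanded nat rule, else None."""
    tokens = line.split()
    if not tokens or tokens[0] != "nat" or "on" not in tokens or "->" not in tokens:
        return None
    on, arrow = tokens.index("on"), tokens.index("->")
    if on + 1 >= len(tokens) or arrow + 1 >= len(tokens):
        return None
    return tokens[on + 1], tokens[arrow + 1]

def check_nat_rules(expanded, want_af="inet"):
    """List (line number, interface, target, reason) for suspicious nat rules."""
    findings = []
    for lineno, line in enumerate(expanded.splitlines(), 1):
        rule = parse_nat_rule(line)
        if rule is None:
            continue  # not a nat rule
        ifname, target = rule
        try:
            addr = ipaddress.ip_address(target.split("%")[0])
        except ValueError:
            continue  # target is not a literal address (e.g. "(ifname)" or a table)
        got_af = "inet6" if addr.version == 6 else "inet"
        if got_af != want_af:
            # The case from the thread: no family in the rule, pf picked v6.
            findings.append((lineno, ifname, target, "wrong-family"))
        elif addr.is_link_local:
            # Right family, but a link-local source is not routable off-link.
            findings.append((lineno, ifname, target, "link-local"))
    return findings

if __name__ == "__main__":
    for lineno, ifname, target, reason in check_nat_rules(SAMPLE):
        print(f"line {lineno}: nat on {ifname} -> {target}: {reason}")
```

To use it on a real ruleset, pass the text printed by "pfctl -nvf /etc/pf.conf" to check_nat_rules() in place of SAMPLE.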