Rules must be in order

Huzeyfe Onal huzeyfe.onal at gmail.com
Sat Dec 30 23:43:22 PST 2006 

Hi,

error says what sohuld you do:
"/etc/pf.conf:13: Rules must be in order: options, normalization, queueing,"

Your pf rules order is wrong. The order should be
like...Queue->NAT->Filtering...

new pf.conf ;
---
ext_if="lnc0"   # replace with actual external interface name i.e., dc0
int_if="lnc0"   # replace with actual internal interface name i.e., dc1
internal_net1="10.10.1.1/24"
internal_net2="10.10.2.1/24"

altq on lnc0 cbq bandwidth 128Kb  queue { internal_net1, internal_net2 }
 queue internal_net2 bandwidth 64Kb cbq(default borrow)
 queue internal_net1 bandwidth 64Kb cbq(red borrow)


nat on lnc0 from 10.10.1.0/24 to any -> 124.81.224.194
nat on lnc0 from 10.10.2.0/24 to any -> 124.81.224.194

pass out on lnc0 from any to any   queue (internal_net1, internal_net2)
pass in  on lnc0 from any to any   queue (internal_net1, internal_net2)

----



On 12/31/06, sukaca <myninku at gmail.com> wrote:
> dear all
>
> i just configure pf+altq
> and got error masssage
>
> this my config
>
> ext_if="lnc0"   # replace with actual external interface name i.e., dc0
> int_if="lnc0"   # replace with actual internal interface name i.e., dc1
> internal_net1="10.10.1.1/24"
> internal_net2="10.10.2.1/24"
>
> altq on lnc0 cbq bandwidth 128Kb  queue { internal_net1, internal_net2 }
> queue internal_net2 bandwidth 64Kb cbq(default borrow)
> queue internal_net1 bandwidth 64Kb cbq(red borrow)
>
> pass out on lnc0 from any to any   queue (internal_net1, internal_net2)
> pass in  on lnc0 from any to any   queue (internal_net1, internal_net2)
>
> nat on lnc0 from 10.10.1.0/24 to any -> 124.81.224.194
> nat on lnc0 from 10.10.2.0/24 to any -> 124.81.224.194
>
> the error is
>
> pfctl -f /etc/pf.conf
> /etc/pf.conf:13: Rules must be in order: options, normalization, queueing,
> translation, filtering
> /etc/pf.conf:14: Rules must be in order: options, normalization, queueing,
> translation, filtering
> pfctl: Syntax error in config file: pf rules not loaded
>
> where is my wrong
> and what should i do
>
> thanks and regard
>
> vicky
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>



-- 
Huzeyfe ÖNAL
EnderUnix Core Team Member
huzeyfe at enderunix.org
http://www.enderunix.org/huzeyfe
+90 555 255 4593

Ag guvenligi listesine uye oldunuz mu?
http://www.huzeyfe.net/netsec.html
---

More information about the freebsd-pf mailing list