Routing with external interface doesn't work after a while
Erik Norgaard
norgaard at locolomo.org
Wed Oct 18 19:24:06 UTC 2006
Martin Turgeon wrote:
> You're right on this, the filtering rules aren't written with the brackets.
> But isn't pf routing the packets to an interface instead of an IP address?
I can't tell you if this affects your setup since I haven't seen the
ruleset.
You're going to tag then nat and then filter the packets. If in any of
these steps you apply non-dynamic rules, that is you use $ext_if instead
of ($ext_if) for the ip address on the external interface, then you're
likely to have things behave unexpectedly.
Things suddenly stop working after weeks without problems, just sounds
very much like your firewall setup doesn't follow changes of the
interface configuration. Without knowing the details of your setup, I
can't tell you much more.
What also confuses me is that you have tags in your nat rules - you
might add a tag for later use in filtering, but you also check if a tag
exists, and I don't know how or where this is set.
Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
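
An added example, not part of the message above or of the poster's ruleset: a small sh/awk check that lists pf rules using an interface name as an address without parentheses, the non-dynamic form the reply describes, which pf resolves when the ruleset is loaded rather than when the interface address changes. The function name and the sample ruleset are constructed for illustration; the check is a heuristic that treats any token following `on` as an interface and does not expand `{ }` lists.

```shell
#!/bin/sh
# Constructed sample ruleset (not from the thread). Lines 3 and 5 use
# $ext_if as an address; lines 4 and 6 use the dynamic form ($ext_if).
SAMPLE_RULES='ext_if = "em0"
int_net = "192.168.1.0/24"
nat on $ext_if from $int_net to any -> $ext_if
nat on $ext_if from $int_net to any -> ($ext_if)
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
pass in on $ext_if proto tcp from any to ($ext_if) port 22 keep state'

# find_static_if_addrs (hypothetical helper): reads pf rules on stdin and
# prints "lineno: rule" for each rule where an interface token appears
# unparenthesized after "from", "to" or "->".
find_static_if_addrs() {
    awk '
    {
        sub(/#.*/, "")              # drop comments
        line[NR] = $0
        # Pass 1: every token that follows "on" is treated as an interface.
        for (i = 1; i < NF; i++)
            if ($i == "on") iface[$(i + 1)] = 1
    }
    END {
        # Pass 2: the same token used in an address position is static.
        for (n = 1; n <= NR; n++) {
            k = split(line[n], f, /[ \t]+/)
            for (i = 1; i < k; i++) {
                if ((f[i] == "from" || f[i] == "to" || f[i] == "->") &&
                    (f[i + 1] in iface)) {
                    print n ": " line[n]
                    break           # report each rule once
                }
            }
        }
    }'
}

# Run against the constructed sample; on a real host, feed it the ruleset
# file instead, e.g.  find_static_if_addrs < /etc/pf.conf
printf '%s\n' "$SAMPLE_RULES" | find_static_if_addrs
```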