I was having the same problem, so I tried this out and here is what I got:

snip from pf.conf

ext_if="tun0"

nat on ($ext_if) from <allowed> to any -> ($ext_if) # this gives me an error
but the following:
nat on $ext_if from <allowed> to any -> ($ext_if)
doesn't give me any errors.

I also added the braces in all of my rules and they all started to
give me errors, for example:

pass out on ($ext_if) proto { tcp, udp } all keep state

The error I'm getting is:

/etc/pf.conf:48: syntax error # I get 9 of them

Any clues, anybody???

On 9/7/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Quoting Scott Ullrich <[EMAIL PROTECTED]>:

> On 9/7/06, KES <[EMAIL PROTECTED]> wrote:
>> Hello
>>
>> pf fails to start if interface doesn't exist or IP address not assigned
>>
>> I have troubles with tun0 (pppoe connection)
>>
>> Look at next picture:
>>
>> 1) power fail,
>> 2) FreeBSD starting,
>> 3) do pppoe connection to provider
>> 3.a) pppoe fail (ISP has some problem)
>> 4) pf starts and fails =((
>> 5) FreeBSD fall to infinite loop (I have wait 15 minutes and then press CTRL+C)
>>
>> Copy of console messages:
>> pflog promiscios
>> pf enabled
>> pflog: here some message (I don't remember)
>>
>> some experiments:
>>
>> kes# ps ax|grep ppp
>>   357  ??  Ss     0:18.88 /usr/sbin/ppp -ddial -unit1 adsl
>>   373  ??  Rs    46:53.56 /usr/sbin/ppp -dedicated -quiet -unit0 leased
>> 47226  p2  DL+    0:00.00 grep ppp
>>
>> #KILL pppoe connection
>> kes# kill -9  373
>> kes# kill -9 373
>> 373: No such process
>>
>> #Reload pf.conf
>> kes# pfctl -f /etc/pf.conf
>> no IP address found for tun0
>> /etc/pf.conf:48: could not parse host specification
>> no IP address found for tun0
>> /etc/pf.conf:66: could not parse host specification
>> no IP address found for tun0
>> /etc/pf.conf:100: could not parse host specification
>> no IP address found for tun0
>> /etc/pf.conf:101: could not parse host specification
>> pfctl: Syntax error in config file: pf rules not loaded
>>
>> #start pppoe
>> kes#  /usr/sbin/ppp -dedicated -quiet -unit0 leased
>> kes# pfctl -f /etc/pf.conf
>>
>> #no errors here.
>> kes#
>>
>> So I have no "Syntax error in config file"
>>
>> To author of pf:
>> You must change behavior of pf like ipfw does.
>> ipfw only do warning messages in situations like this.
>
> Please share your entire pf rules file.  There are ways to work around
> this. Most notably you can wrap tun0 around () and PF will silently
> ignore the item until the interface is actually up and running.

Would that be "(" tun0 ")" ?  Or would a simple ( tun0 ) work?

Thanks,

ed
>
> Scott
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>






--
Best Regards,

Ivan Levchenko
[EMAIL PROTECTED]
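
Where the parentheses go, as an added example that is not part of any message in this thread: pf.conf accepts (ifname) only where an interface stands in for an address (source, destination, or the nat translation address), not after the "on" keyword. The table contents and the port 22 rule are constructed for illustration.

```pf
# Added example, not from the thread. Table contents and the ssh rule
# are constructed; ext_if and the nat/pass rules follow the messages above.
ext_if = "tun0"
table <allowed> { 192.168.0.0/24 }      # constructed sample network

# "on" takes a plain interface name; the grammar does not accept
# parentheses in that position, so "nat on ($ext_if) ..." is a syntax error.
# Parentheses go around an interface that is used as an address: the rule
# then loads while tun0 has no address, and pf updates the address itself
# whenever the interface's address changes.
nat on $ext_if from <allowed> to any -> ($ext_if)

# This rule contains no interface address at all, only the "on" interface,
# so nothing in it needs (or accepts) parentheses.
pass out on $ext_if proto { tcp, udp } all keep state

# Interface used as a host. Without parentheses the name is resolved to an
# address once, at load time, and pfctl rejects the ruleset with
# "no IP address found for tun0" while the link is down:
#   pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
# With parentheses the same rule loads regardless of link state:
pass in on $ext_if proto tcp from any to ($ext_if) port 22 keep state
```

Running pfctl -nf /etc/pf.conf parses the file without loading it, which makes it possible to check a change like this with the PPPoE link both up and down before it is relied on at boot.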