Thanks for all your replies.
> I think dhcpd.interfaces is a relic? For the longest time I've simply
> been specifying my interfaces in dhcpd_flags.
Good idea, but deleting /etc/dhcpd.interfaces does not make any change.
> Since you did not submit a full pf.conf, I have no chance of knowing if you
> do a later pass that changes the NAT state.
This is my full /etc/pf.conf now:
pass out on rl0 inet from vlan309:network to any nat-to rl0
I have noticed that my NAT is working if there is running #tcpdump -i vlan309
NAT works with:
pass out on rl0 inet from vlan309:network to any nat-to rl0
or with:
match out on rl0 inet from vlan309:network nat-to rl0
pass out on rl0
If I terminate #tcpdump -i vlan309, NAT stops working too.
Any idea?
On Mon, 18 Apr 2016 16:42:00 -0400
"Brian S. Vangsgaard" <b...@avalanic.dk> wrote:
> pass out on rl0 inet from vlan309:network to any nat-to rl0
>
> match out on rl0 inet from vlan:309:network nat-to rl0
> pass out on rl0
>
> Since you did not submit a full pf.conf, I have no chance of knowing if you
> do a later pass that changes the NAT state.
>
> You could use tags for more fine-grained control.
>
>
> #cat /etc/rc.conf.local
> dhcpd_flags="vlan300 vlan308 vlan309 vlan310 vlan311 vlan400"
> pf_rules=/etc/pf.conf
>
> #cat /etc/dhcpd.interfaces
> vlan300
> vlan308
> vlan309
> vlan310
> vlan311
> vlan400
>
> #cat /etc/hostname.em0
> up
>
> #cat /etc/hostname.em1
> up
>
> #cat /etc/hostname.trunk0
> trunkproto lacp trunkport em0 trunkport em1 lladdr 00:01:02:03:11:11
> up
>
> #cat /etc/hostname.vlan300
> inet 10.0.30.254 255.255.255.0 NONE vlan 300 vlandev trunk0 lladdr
> 00:01:02:03:03:00 description "Interface VLAN-SERV"
>
> #cat /etc/hostname.vlan308
> inet 10.0.8.254 255.255.255.0 NONE vlan 308 vlandev trunk0 lladdr
> 00:01:02:03:03:08 description "Interface VLAN-308I"
>
> #cat /etc/hostname.vlan309
> inet 10.0.9.254 255.255.255.0 NONE vlan 309 vlandev trunk0 lladdr
> 00:01:02:03:03:09 description "Interface VLAN-309I"
> [...]
>
>
>
> @2. Then I removed trunk0. DHCPserver works, clients get IP. NAT does not
> work still.
>
> #cat /etc/pf.conf [changed to very short and simple for tests]
> pass out on rl0 inet from vlan309:network to any nat-to rl0
>
> #cat /etc/rc.conf.local
> dhcpd_flags="vlan300 vlan308 vlan309 vlan310 vlan311 vlan400"
> pf_rules=/etc/pf.conf
>
> #cat /etc/dhcpd.interfaces
> vlan300
> vlan308
> vlan309
> vlan310
> vlan311
> vlan400
>
> #cat /etc/hostname.em0
> up
>
> #cat /etc/hostname.vlan300
> inet 10.0.30.254 255.255.255.0 NONE vlan 300 vlandev em0 lladdr
> 00:01:02:03:03:00 description "Interface VLAN-SERV"
>
> #cat /etc/hostname.vlan308
> inet 10.0.8.254 255.255.255.0 NONE vlan 308 vlandev em0 lladdr
> 00:01:02:03:03:08 description "Interface VLAN-308I"
>
> #cat /etc/hostname.vlan309
> inet 10.0.9.254 255.255.255.0 NONE vlan 309 vlandev em0 lladdr
> 00:01:02:03:03:09 description "Interface VLAN-309I"
> [...]
>
>
>
> @3. Finally, I removed VLANs and NAT started to work.
>
> #cat /etc/pf.conf [changed to very short and simple for tests]
> pass out on rl0 inet from em0:network to any nat-to rl0
>
> #cat /etc/rc.conf.local
> dhcpd_flags="em0"
> pf_rules=/etc/pf.conf
>
> #cat /etc/dhcpd.interfaces
> em0
>
> #cat /etc/hostname.em0
> inet 10.0.8.254 255.255.255.0 NONE lladdr 00:01:02:03:03:08 description
> "Interface VLAN-308"
>
>
> #dmesg
> OpenBSD 5.9 (GENERIC) #1561: Fri Feb 26 01:22:37 MST 2016
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel(R) Celeron(R) CPU 2.93GHz ("GenuineIntel" 686-class) 2.93 GHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,CNXT-ID,xTPR,PERF
> real mem = 2137800704 (2038MB)
> avail mem = 2084323328 (1987MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: date 08/26/04, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.3 @
> 0xfb21f (4 entries)
> bios0: vendor American Megatrends Inc. version "P1.80" date 08/26/2004
> acpi0 at bios0: rev 0
> acpi0: sleep states S0 S1 S4 S5
> acpi0: tables DSDT FACP APIC OEMB
> acpi0: wakeup devices P0P4(S4) MC97(S4) USB1(S4) USB2(S4) USB3(S4) USB4(S4)
> EUSB(S4) PS2K(S4) PS2M(S4) UAR1(S4) GBEN(S4) SLPB(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 133MHz
> cpu0: mwait min=64, max=64
> ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 24 pins
> ioapic0: misconfigured as apic 0, remapped to apid 1
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 1 (P0P4)
> acpicpu0 at acpi0: C1(@1 halt!)
> acpibtn0 at acpi0: PWRB
> acpibtn1 at acpi0: SLPB
> bios0: ROM list: 0xc0000/0xa000!
> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82865G Host" rev 0x02
> inteldrm0 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02
> drm0 at inteldrm0
> intagp0 at inteldrm0
> agp0 at intagp0: aperture at 0xf0000000, size 0x8000000
> inteldrm0: apic 1 int 16
> inteldrm0: 1920x1080
> wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
> uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 16
> uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 19
> uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 18
> uhci3 at pci0 dev 29 function 3 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 16
> ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: apic 1 int
> 23
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> ppb0 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xc2
> pci1 at ppb0 bus 1
> 1:3:0: mem address conflict 0xfffc0000/0x40000
> em0 at pci1 dev 3 function 0 "Intel 82546EB" rev 0x01: apic 1 int 20, address
> 00:11:0a:62:f3:42
> em1 at pci1 dev 3 function 1 "Intel 82546EB" rev 0x01: apic 1 int 21, address
> 00:11:0a:62:f3:43
> rl0 at pci1 dev 5 function 0 "Realtek 8139" rev 0x10: apic 1 int 22, address
> 00:0b:6a:cf:6f:2d
> rlphy0 at rl0 phy 0: RTL internal PHY
> ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
> pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA,
> channel 0 configured to compatibility, channel 1 configured to compatibility
> wd0 at pciide0 channel 0 drive 0: <ST340014A>
> wd0: 16-sector PIO, LBA48, 38166MB, 78165360 sectors
> atapiscsi0 at pciide0 channel 0 drive 1
> scsibus1 at atapiscsi0: 2 targets
> cd0 at scsibus1 targ 0 lun 0: <HL-DT-ST, CD-ROM GCR-8523B, 1.03> ATAPI
> 5/cdrom removable
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
> cd0(pciide0:0:1): using PIO mode 4, DMA mode 2
> pciide0: channel 1 disabled (no drives)
> ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02: apic 1
> int 17
> iic0 at ichiic0
> spdmem0 at iic0 addr 0x50: 1GB DDR SDRAM non-parity PC3200CL3.0
> spdmem1 at iic0 addr 0x51: 1GB DDR SDRAM non-parity PC3200CL3.0
> auich0 at pci0 dev 31 function 5 "Intel 82801EB/ER AC97" rev 0x02: apic 1 int
> 17, ICH5 AC97
> ac97: codec id 0x434d4983 (C-Media Electronics CMI9761A+)
> audio0 at auich0
> usb1 at uhci0: USB revision 1.0
> uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb2 at uhci1: USB revision 1.0
> uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb3 at uhci2: USB revision 1.0
> uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb4 at uhci3: USB revision 1.0
> uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> isa0 at ichpcib0
> isadma0 at isa0
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41
> lm1 at wbsio0 port 0x290/8: W83627HF
> npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
> vscsi0 at root
> scsibus2 at vscsi0: 256 targets
> softraid0 at root
> scsibus3 at softraid0: 256 targets
> root on wd0a (e8a3ba715d004629.a) swap on wd0b dump on wd0b
>
> --
> radek
--
radek
