On Fri, Nov 27, 2020 at 12:05:49PM +0300, kasak wrote:
> My configuration requires the use of a bridge:
>
> I have these files:
>
> cat /etc/hostname.bridge0
> add vether0
> add em1
> add tap1
> up
>
> files hostname.em1 and hostname.tap1 just contain "up"
>
> and file hostname.vether0 contains:
>
> inet 172.16.0.1 255.240.0.0 NONE description "LAN Link"
>
> this is ifconfig:
>
> em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 68:05:ca:22:d8:d3
>         index 3 priority 0 llprio 3
>         media: Ethernet autoselect (1000baseT full-duplex)
>         status: active
> bridge0: flags=41<UP,RUNNING>
>         index 6 llprio 3
>         groups: bridge
>         priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
>         tap1 flags=3<LEARNING,DISCOVER>
>                 port 7 ifpriority 0 ifcost 0
>         em1 flags=3<LEARNING,DISCOVER>
>                 port 3 ifpriority 0 ifcost 0
>         vether0 flags=3<LEARNING,DISCOVER>
>                 port 8 ifpriority 0 ifcost 0
> tap1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>         lladdr fe:e1:ba:d0:c5:d9
>         index 7 priority 0 llprio 3
>         groups: tap
>         status: active
> vether0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>         lladdr fe:e1:ba:d1:e5:18
>         description: LAN Link
>         index 8 priority 0 llprio 3
>         groups: vether
>         media: Ethernet autoselect
>         status: active
>         inet 172.16.0.1 netmask 0xfff00000 broadcast 172.31.255.255
>
> The only option I wanted is to redirect NTP packets to the router's local
> interface:
>
> gater:~$ doas pfctl -sr
> block return all
> pass all flags S/SA
> block drop in on em0 all
> pass out on em0 inet from 172.16.0.0/12 to any flags S/SA nat-to 212.233.112.10
> pass in log on bridge0 inet proto tcp from ! 172.16.0.5 to any port = 123 flags S/SA rdr-to 127.0.0.1
> pass in log on bridge0 inet proto udp from ! 172.16.0.5 to any port = 123 rdr-to 127.0.0.1
>
> But this rule is just not working, and I cannot fix it.
> I've tried to change "bridge0" to "em0", it doesn't change anything. pflog
> doesn't log anything either.
>
> This is from the client:
>
> [kasak@kasakoff ~]$ ntpdate -q pool.ntp.org
> server 195.3.254.2, stratum 2, offset +0.004216, delay 0.03334
> server 192.36.143.130, stratum 1, offset +0.000088, delay 0.04488
> server 193.192.36.3, stratum 3, offset -0.000007, delay 0.04155
> server 80.240.216.155, stratum 2, offset +0.000807, delay 0.02821
> 27 Nov 12:04:17 ntpdate[155506]: adjust time server 192.36.143.130 offset +0.000088 sec
> [kasak@kasakoff ~]$ ntpdate -q 172.16.0.1
> server 172.16.0.1, stratum 4, offset -0.000107, delay 0.02589
> 27 Nov 12:04:19 ntpdate[155511]: adjust time server 172.16.0.1 offset -0.000107 sec
>
> Is there some secret I've failed to find in the man page?
>
Are you sure you mean em0 and not em1 in your pf rules?

--
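The change the reply points at, written out as an added pf.conf fragment (not the original poster's file and not anything posted in the thread): the two rdr-to rules are anchored on the LAN member interface em1, where the clients' packets actually enter the box, instead of on bridge0 or on the WAN interface em0. Bridged traffic is evaluated by pf on the member interfaces, so a rule on the bridge interface itself sees no packets, which also explains the silent pflog. Interface names, addresses and the exempt host 172.16.0.5 are taken from the quoted message; the macro names are my own.

```pf
# Added example, not the poster's configuration. Names come from the quoted
# message; the macro names ($ext_if, $int_if, $lan, $ntp_exempt) are assumptions.
ext_if     = "em0"            # WAN side, NAT source address 212.233.112.10
int_if     = "em1"            # LAN side, member of bridge0; client traffic enters here
lan        = "172.16.0.0/12"
ntp_exempt = "172.16.0.5"     # the one host allowed to reach external NTP servers

# As posted (never matches): inbound LAN packets are evaluated on the member
# interface em1, not on bridge0, so these rules see nothing and log nothing.
# pass in log on bridge0 inet proto tcp from ! $ntp_exempt to any port 123 rdr-to 127.0.0.1
# pass in log on bridge0 inet proto udp from ! $ntp_exempt to any port 123 rdr-to 127.0.0.1

block return all
pass all
block drop in on $ext_if all
pass out on $ext_if inet from $lan to any nat-to 212.233.112.10

# Corrected: match on the interface the packets arrive on. "log" is kept so
# every redirected packet shows up on pflog0 and the rule can be verified.
pass in log on $int_if inet proto { tcp udp } from ! $ntp_exempt to any port 123 rdr-to 127.0.0.1
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, then watch `tcpdump -n -e -ttt -i pflog0 port 123` while a client runs `ntpdate -q pool.ntp.org`: with the redirect in effect the client still prints the pool servers' addresses, but each of them now answers as stratum 4 with the router's own offset, exactly as the direct query to 172.16.0.1 in the quoted output does. Note that rdr-to 127.0.0.1 only works if ntpd actually listens on the loopback address (`listen on 127.0.0.1` in ntpd.conf); the quoted session proves it listens on 172.16.0.1, so `rdr-to 172.16.0.1` is a safe alternative target.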