27.11.2020 12:58, Zé Loff writes:
On Fri, Nov 27, 2020 at 12:05:49PM +0300, kasak wrote:
My configuration requires the use of a bridge:

I have files:

cat /etc/hostname.bridge0
add vether0
add em1
add tap1
up

files hostname.em1 and tap1 just contain "up"

and file hostname.vether0 contains:

inet 172.16.0.1 255.240.0.0 NONE description "LAN Link"

this is ifconfig:

em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
     lladdr 68:05:ca:22:d8:d3
     index 3 priority 0 llprio 3
     media: Ethernet autoselect (1000baseT full-duplex)
     status: active
bridge0: flags=41<UP,RUNNING>
     index 6 llprio 3
     groups: bridge
     priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
     tap1 flags=3<LEARNING,DISCOVER>
         port 7 ifpriority 0 ifcost 0
     em1 flags=3<LEARNING,DISCOVER>
         port 3 ifpriority 0 ifcost 0
     vether0 flags=3<LEARNING,DISCOVER>
         port 8 ifpriority 0 ifcost 0
tap1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
     lladdr fe:e1:ba:d0:c5:d9
     index 7 priority 0 llprio 3
     groups: tap
     status: active
vether0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
     lladdr fe:e1:ba:d1:e5:18
     description: LAN Link
     index 8 priority 0 llprio 3
     groups: vether
     media: Ethernet autoselect
     status: active
     inet 172.16.0.1 netmask 0xfff00000 broadcast 172.31.255.255

The only option I wanted is to redirect ntp packets to the router's local interface:

gater:~$ doas pfctl -sr
block return all
pass all flags S/SA
block drop in on em0 all
pass out on em0 inet from 172.16.0.0/12 to any flags S/SA nat-to 212.233.112.10
pass in log on bridge0 inet proto tcp from ! 172.16.0.5 to any port = 123 flags S/SA rdr-to 127.0.0.1
pass in log on bridge0 inet proto udp from ! 172.16.0.5 to any port = 123 rdr-to 127.0.0.1

But this rule is just not working, and I cannot fix it.
I've tried to change "bridge0" to "em0"; it doesn't change anything. pflog doesn't log anything either.

This is from the client:

[kasak@kasakoff ~]$ ntpdate -q pool.ntp.org
server 195.3.254.2, stratum 2, offset +0.004216, delay 0.03334
server 192.36.143.130, stratum 1, offset +0.000088, delay 0.04488
server 193.192.36.3, stratum 3, offset -0.000007, delay 0.04155
server 80.240.216.155, stratum 2, offset +0.000807, delay 0.02821
27 Nov 12:04:17 ntpdate[155506]: adjust time server 192.36.143.130 offset +0.000088 sec
[kasak@kasakoff ~]$ ntpdate -q 172.16.0.1
server 172.16.0.1, stratum 4, offset -0.000107, delay 0.02589
27 Nov 12:04:19 ntpdate[155511]: adjust time server 172.16.0.1 offset -0.000107 sec

Is there some secret I've failed to find in man?

Are you sure you mean em0 and not em1 in your pf rules?

em0 is my external interface, em1 is lan interface.

I see a typo in my message.

I've tried to change "bridge0" to "em1"; it doesn't change anything.

Also I forgot to mention, 172.16.0.5 is not the client address, it is another server.

Anyway, I tried from any to any too; it does not help either :(
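The thread leaves open which interface pf attributes the bridged client packet to, so here is an added walkthrough (my own example, not code from the thread) that replays the ruleset above with pf's last-matching-rule-wins semantics for a constructed inbound UDP/123 packet from a LAN client 172.16.0.7, with the ingress interface as a parameter. It assumes `flags` only applies to TCP and ignores `log`; it shows that the rdr-to rule as written only fires for a packet pf attributes to bridge0, which is what the per-rule counters of `pfctl -vsr` would confirm on the box.

```python
import ipaddress
import re

# pfctl -sr output from the thread, re-typed with the wrapped lines joined.
RULESET = """\
block return all
pass all flags S/SA
block drop in on em0 all
pass out on em0 inet from 172.16.0.0/12 to any flags S/SA nat-to 212.233.112.10
pass in log on bridge0 inet proto tcp from ! 172.16.0.5 to any port = 123 flags S/SA rdr-to 127.0.0.1
pass in log on bridge0 inet proto udp from ! 172.16.0.5 to any port = 123 rdr-to 127.0.0.1
"""

def parse_rule(line):
    """Fields this walkthrough needs; 'log' and 'flags' (TCP-only) are ignored."""
    def grab(pat):
        return m.group(1) if (m := re.search(pat, line)) else None
    return {
        "action": line.split()[0],          # pass or block
        "dir": grab(r"\b(in|out)\b"),       # None: both directions
        "iface": grab(r"\bon (\S+)"),       # None: any interface
        "proto": grab(r"\bproto (\S+)"),    # None: any protocol
        "dport": grab(r"\bport = (\d+)"),   # None: any port
        "src": grab(r"\bfrom !? ?(\S+)"),   # host, CIDR, "any" or None
        "src_neg": " from ! " in line,      # 'from ! addr' means "not from addr"
        "rdr": grab(r"\brdr-to (\S+)"),
    }

def rule_matches(rule, pkt):
    for key in ("dir", "iface", "proto", "dport"):
        if rule[key] and rule[key] != pkt[key]:
            return False
    if rule["src"] and rule["src"] != "any":
        in_net = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"], strict=False)
        if in_net == rule["src_neg"]:       # a negated rule wants the source outside the net
            return False
    return True

def evaluate(ruleset, pkt):
    """pf semantics without 'quick': every rule is evaluated and the last match wins."""
    rules = [parse_rule(l) for l in ruleset.strip().splitlines()]
    return [r for r in rules if rule_matches(r, pkt)][-1]   # 'block return all' always matches

def ntp_packet_fate(iface, src="172.16.0.7"):
    """Inbound UDP/123 from a constructed LAN client, as pf would see it arriving on `iface`."""
    pkt = {"dir": "in", "iface": iface, "proto": "udp", "src": src, "dport": "123"}
    winner = evaluate(RULESET, pkt)
    return winner["action"], winner["rdr"]   # e.g. ("pass", "127.0.0.1") or ("pass", None)
```

Only a packet attributed to bridge0 reaches the rdr-to rule; on em1 or vether0 the same packet ends at "pass all" and leaves unredirected, and 172.16.0.5 is excluded by the negated source on every interface.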
