* Albert Chin <[EMAIL PROTECTED]> [2007-06-20 11:24]:
> On Wed, Jun 20, 2007 at 10:47:43AM +0200, Henning Brauer wrote:
> > * Brian A. Seklecki <[EMAIL PROTECTED]> [2007-06-20 07:39]:
> > > Very bizarre. The only advice I can offer is that maybe it's getting
> > > confused on "-> $nat_if" instead of the more-pragmatic "-> ($nat-if)".
> > >
> > > Perhaps the parse code is trying too hard to resolve $nat_if in the
> > > former, and thus finding the underlying interface instead of the logical
> > > upper layer vlan interface?
> >
> > no way.
> >
> > to the original poster, please show:
> > 1) ifconfig -A
>
> vlan109: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:0e:0c:b2:e3:e3
>         vlan: 109 priority: 0 parent interface: fxp1
>         groups: vlan egress
>         inet6 fe80::20e:cff:feb2:e3e3%vlan109 prefixlen 64 scopeid 0x10
>         inet 192.168.13.1 netmask 0xfffffff8 broadcast 192.168.13.7

strange, on all my boxes there is at least lo0 and enc0, something in
your kernel is broken. and fxp* disappeared too.

> > 2) pf.conf
> > 3) pfctl -nvf /etc/pf.conf
> >
> > specifically, compare the nat rule(s) in 2) and 3). you should see
> > $nat_if replaced by an IP address. of course do NOT use ($nat_if) for
> > that
>
> Ahh.
>
> #3 shows the following:
>   nat pass log on vlan109 inet6 from <tww_nets> to any ->
>   fe80::20e:cff:feb2:e3e3
> when #2 looks like:
>   nat pass log on $nat_if from <tww_nets> to any -> $nat_if

so pf cannot figure out the address family for this rule, and picks v6
while you want v4. so just specify v4 explicitly:

  nat pass log on $nat_if inet from <tww_nets> to any -> $nat_if

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
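
The comparison described in this thread can be scripted. The following is an added example, not part of the original message: a shell function that reads the output of `pfctl -nvf /etc/pf.conf` and flags nat rules whose translation address was expanded to an IPv6 link-local address. The function name `check_nat_af` and the two sample lines are constructed for illustration; the second sample line is an assumed form of the expanded rule after adding `inet`.

```shell
#!/bin/sh
# Added example: detect nat rules whose translation address resolved to an
# IPv6 link-local address (fe80::/10), as in the thread above.
# Intended use on a pf host:  pfctl -nvf /etc/pf.conf | check_nat_af

# check_nat_af (hypothetical helper name): reads parsed ruleset text on
# stdin, prints each offending nat rule, and returns 1 if any were found.
check_nat_af() {
    awk '
        BEGIN { bad = 0 }
        $1 == "nat" {
            # The translation address is the field that follows "->".
            for (i = 1; i < NF; i++) {
                if ($i == "->" && tolower($(i + 1)) ~ /^fe[89ab][0-9a-f]:/) {
                    print "link-local translation address: " $0
                    bad = 1
                }
            }
        }
        END { exit bad }
    '
}

# Constructed sample input. The first line is the expanded rule quoted in
# the thread, joined onto one line; the second is an assumed expansion of
# the corrected rule, using the inet address shown for vlan109.
SAMPLE_BEFORE='nat pass log on vlan109 inet6 from <tww_nets> to any -> fe80::20e:cff:feb2:e3e3'
SAMPLE_AFTER='nat pass log on vlan109 inet from <tww_nets> to any -> 192.168.13.1'

# Demonstration on the constructed samples: only the first rule is reported.
printf '%s\n' "$SAMPLE_BEFORE" "$SAMPLE_AFTER" | check_nat_af ||
    echo "add an explicit address family (inet) to the reported nat rule"
```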