On Wed, Nov 26, 2008 at 04:16:30PM -0600, Patric wrote:
> On Wed, 2008-11-26 at 14:37 -0500, Jason Dixon wrote:
> > On Wed, Nov 26, 2008 at 12:52:47PM -0600, Patric wrote:
> > > My current pf.conf
> > >
> > > __________________________
> > > ext_if = "xl2"
> > > int_if = "xl1"
> > > localnet = $int_if:network
> > > nat on $ext_if from $localnet to any -> ($ext_if)
> > > pass from { lo0, $localnet } to any keep state
> > > __________________________
> > >
> > > this is pretty much the most basic natting pf.conf described in "The
> > > Book of PF" and I can't pass any traffic through it at all, pftop shows
> > > nothing, and I am starting to doubt my sanity, any help is greatly
> > > appreciated.
> >
> > Did you enable net.inet.ip.forwarding? Is pf actually enabled? You're
> > not giving us much detail as far as your troubleshooting.
> >
> # grep net.ip.forwarding /etc/sysctl.conf
> net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4
> packets
> # grep pf /etc/rc.conf.local
> pf=YES
> pf_rules=/etc/pf.conf #
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog"
> # uptime
> 9:50AM up 2 mins, 1 user, load averages: 0.30, 0.25, 0.11
> # pfctl -e
> pfctl: pf already enabled

What sort of tcpdump troubleshooting have you tried?

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/