Newbie running 3.3 stable with pf, dhcpd and isakmpd... ...recently upgraded to stable in the hopes of curing some ill that I have... and now I ask for peer review...
(IP addresses changed to hypothetically protect the innocent...)

The following snippets work fine under 3.2 release (on similar machine):

    # IP card will not accept connections from arbitrarily sourced ports--must be from UDP port 5004 and 5567
    nat on $ext inet proto udp from $ipp port = 5004 to $ipc -> $ext port 5004
    nat on $ext inet proto udp from $ipp port = 5567 to $ipc -> $ext port 5567
    nat on $ext from $pri to any -> $ext

    # pfctl -s all
    ...
    nat on ep1 inet proto udp from 172.30.0.127 port = 5004 to 191.255.255.1 -> 223.255.255.1 port 5004
    nat on ep1 inet proto udp from 172.30.0.127 port = 5567 to 191.255.255.1 -> 223.255.255.1 port 5567
    nat on ep1 inet from 172.30.0.0/24 to any -> 223.255.255.1
    tcp 172.30.0.127:34777 -> 223.255.255.1:59549 -> 191.255.255.1:5566 ESTABLISHED:ESTABLISHED
    udp 172.30.0.127:5567 -> 223.255.255.1:5567 -> 191.255.255.1:5567 MULTIPLE:SINGLE

The following snippets DO NOT work fine under 3.3 stable (on similar machine):

    # IP card will not accept connections from arbitrarily sourced ports--must be from UDP port 5004 and 5567
    nat on $ext inet proto udp from $ipp port = 5004 to $ipc -> $ext port 5004
    nat on $ext inet proto udp from $ipp port = 5567 to $ipc -> $ext port 5567
    nat on $ext from $pri to any -> $ext

    # pfctl -s all
    ...
    nat on ep1 inet proto udp from 172.30.0.127 port = 5004 to 191.255.255.1 -> 223.255.255.1 port 5004:35859
    nat on ep1 inet proto udp from 172.30.0.127 port = 5567 to 191.255.255.1 -> 223.255.255.1 port 5567:48917
    nat on ep1 inet from 172.30.0.0/24 to any -> 223.255.255.1
    udp 172.30.0.127:5567 -> 223.255.255.1:34166 -> 191.255.255.1:5567 SINGLE:NO_TRAFFIC

Any thoughts on what I might be doing wrong are appreciated...

Danny