[Bug 210924] 10.3-STABLE - PF - possible regression in pf.conf set timeout interval

2016-08-04 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210924

--- Comment #6 from commit-h...@freebsd.org ---
A commit references this bug:

Author: loos
Date: Fri Aug  5 02:19:03 UTC 2016
New revision: 303760
URL: https://svnweb.freebsd.org/changeset/base/303760

Log:
  Fix a regression in pf.conf while parsing the 'interval' keyword.

  The bug was introduced by r287009.

  PR:   210924
  Submitted by: kp@
  Sponsored by: Rubicon Communications (Netgate)
  Pointy hat to: loos

Changes:
  head/sbin/pfctl/parse.y

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"


Re: default to wan1, definite subnet replies to wan2

2016-08-04 Thread Zeus Panchenko
sorry for noise, please ignore this incomplete message

Zeus Panchenko  wrote:

> greetings,
> 
> I have two wan interfaces, wan1 and wan2
> 
> wan1 is for default
> 
> I have subnet in my LAN all replies from which I need to direct through
> wan2
> 
> I hoped to do that with this pf configuration:
> 
> if_service = "vlan1234" # service network
> table  const { 10.0.0.0/24 }
> # requests for the service 
> rdr pass on $if_wan2 proto { tcp, udp } to ($if_wan2) port 1234 -> 10.0.0.1 port 5678
> nat log on $if_wan2 from  to any -> ($if_wan2)
> ...
> pass in log on $if_video route-to ($if_wan3 $gw_wan3) from  to !  keep state
> 

-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


wan1 as default, wan2 dedicated to a service

2016-08-04 Thread Zeus Panchenko
hi,
I need a trivial thing but am wondering where I am wrong ... :(
help please

I have two WAN interfaces: wan1 and wan2
wan1 is default route interface, wan2 is dedicated for DVR (video)

I'm trying to direct all output from DVR to wan2 (here I do not care
where a request to DVR came from, I want all replies to go out through wan2)

so, I hoped to do that with this pf.config

---[ start ]
if_wan1 = "em0"
if_wan2 = "igb0" # ip address A.B.C.D
gw_wan2 = "E.F.G.H"
if_dvr="vlan123"
table  const { 10.0.0.0/24 }
# redirect all requests on wan2 to DVR host1
rdr pass on $if_wan2 proto { tcp, udp } to ($if_wan2) port 1234 -> 10.0.0.1 port 5678
nat log on $if_wan2 from  to any -> ($if_wan2)
...
pass in log on $if_dvr route-to ($if_wan2 $gw_wan2) from  to any keep state
---[ stop  ]

as a result,
I see requests from world on $if_wan2
I see redirects of the requests, out packets on $if_dvr
I see replies to the requests, in packets on $if_dvr
but I see ($if_wan2) sourced replies, and I see them on *$if_wan1*

so, as I understand ... route-to works, otherwise replies wouldn't be
from ($if_wan2)

but NATed replies appear on $if_wan1, which is the default route ... so
... how can I have replies go out through $if_wan2? is it a question of
the second routing table?

please, advise
-- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)


[Bug 201519] pf NAT translates ICMP type 3 packets incorrectly

2016-08-04 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201519

--- Comment #12 from Kristof Provost  ---
(In reply to clbuisson from comment #11)
I'm unable to reproduce the described behaviour on my system. Please make a
network capture so we can look in detail at what's going wrong.
