Re: Trouble using :peer modifier correctly
Does it matter that the subnet mask is configured as a /30, or is it the media type that controls this behavior? Is there any way to use this mechanism on an ethernet interface?

On Mon, Mar 31, 2008 at 12:16 AM, Theo de Raadt [EMAIL PROTECTED] wrote:

We're trying to use the :peer modifier to minimize the number of macros in our pf configuration files. For some reason we can't get it to work:

    # cat /etc/pf.conf
    set skip on lo
    block log
    pass in quick on fxp0 inet proto tcp from fxp0:peer to fxp0 port ssh

    # pfctl -n -f /etc/pf.conf
    no IP address found for fxp0:peer
    /etc/pf.conf:5: could not parse host specification

    :peer    Translates to the point to point interface's peer address(es).

That won't work. Your fxp is not a point-to-point interface. It is a broadcast interface. It has many peers, not one.
Re: Trouble using :peer modifier correctly
On 13:49:15 Mar 31, Egbert Krook wrote:

On Mon, Mar 31, 2008 at 02:29:58AM -0400, Nick Davey wrote:

On Mon, Mar 31, 2008 at 12:16 AM, Theo de Raadt [EMAIL PROTECTED]

    :peer    Translates to the point to point interface's peer

That won't work. Your fxp is not a point-to-point interface. It is a broadcast interface. It has many peers, not one.

It doesn't matter. If you look at my ifconfig output you'll see I already tried that.

No use trying that.

In the case of PPP alone, there is a concept of point to point link. There are other less common protocols with similar characteristics but for now let us focus on this one.

It is like taking a bus from one point and dozing off. Once you wake up you wake up at the other point - your destination. This is not the usual case with buses that stop many times along the way. PPP is the former and Ethernet the latter.

You can clearly see that the :peer specifier would make sense only on a point to point link and not otherwise. Hope this clarifies matters.

Thanks.

-Girish
Re: Trouble using :peer modifier correctly
On 02:29:58 Mar 31, Nick Davey wrote:

Does it matter that the subnet mask is configured as a /30, or is it the media type that controls this behavior? Is there any way to use this mechanism on an ethernet interface?

Ethernet is a broadcast medium. The :peer specifier works only for point to point links like PPP or SLIP. No matter what you do it won't work with Ethernet.

For further details you can read up the OSPF RFC or google for broadcast networks and point to point network topologies.

-Girish
Trouble using :peer modifier correctly
Hello,

We're trying to use the :peer modifier to minimize the number of macros in our pf configuration files. For some reason we can't get it to work:

    # cat /etc/pf.conf
    set skip on lo
    block log
    pass in quick on fxp0 inet proto tcp from fxp0:peer to fxp0 port ssh

    # pfctl -n -f /etc/pf.conf
    no IP address found for fxp0:peer
    /etc/pf.conf:5: could not parse host specification

    # ifconfig fxp0
    fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr 00:a0:c9:5c:a6:72
            media: Ethernet autoselect (100baseTX full-duplex)
            status: active
            inet 192.168.1.1 netmask 0xfffc broadcast 192.168.1.3
            inet6 fe80::2a0:c9ff:fe5c:a672%fxp0 prefixlen 64 scopeid 0x2

We're testing with OpenBSD 4.2 (Release).

Kind regards,

--
Egbert Krook
System/Network Engineer
Amarin Printing and Publishing Public Co., Ltd.
Re: Trouble using :peer modifier correctly
We're trying to use the :peer modifier to minimize the number of macros in our pf configuration files. For some reason we can't get it to work:

    # cat /etc/pf.conf
    set skip on lo
    block log
    pass in quick on fxp0 inet proto tcp from fxp0:peer to fxp0 port ssh

    # pfctl -n -f /etc/pf.conf
    no IP address found for fxp0:peer
    /etc/pf.conf:5: could not parse host specification

    :peer    Translates to the point to point interface's peer address(es).

That won't work. Your fxp is not a point-to-point interface. It is a broadcast interface. It has many peers, not one.
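
Added example, not part of the thread: a POSIX sh helper that reads ifconfig output and reports whether pf's :peer modifier can resolve for an interface, which is the condition behind the "no IP address found for fxp0:peer" error above. The ifconfig samples are constructed, `peer_spec` is a hypothetical name, and the `:network` fallback (an existing pf.conf modifier for the attached subnet) is this example's suggestion, not advice given in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report whether pf's :peer modifier
# can resolve for an interface, based on ifconfig(8) output read from stdin.

# Constructed sample of a point-to-point interface.
SAMPLE_P2P='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 10.0.0.1 --> 10.0.0.2 netmask 0xffffffff'

# Constructed sample modelled on the fxp0 output posted in the thread.
SAMPLE_ETHER='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xfffffffc broadcast 192.168.1.3'

# peer_spec IFNAME   (hypothetical helper name)
# Prints "IFNAME:peer ADDR" and returns 0 when IFNAME carries the
# POINTOPOINT flag and an IPv4 destination address. Otherwise prints
# "IFNAME:network" (assumed fallback: the attached subnet) and returns 1.
peer_spec() {
    awk -v ifn="$1" '
        /^[^ \t]/ {                         # interface header line
            cur = ($1 == (ifn ":"))
            if (cur && match($0, /<[^>]*>/)) {
                flags = "," substr($0, RSTART + 1, RLENGTH - 2) ","
                p2p = (index(flags, ",POINTOPOINT,") > 0)
            }
            next
        }
        # Address line of the requested interface: "inet LOCAL --> PEER ..."
        cur && p2p && peer == "" && $1 == "inet" && $3 == "-->" { peer = $4 }
        END {
            if (peer != "") { print ifn ":peer " peer; exit 0 }
            print ifn ":network"
            exit 1
        }'
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_P2P"   | peer_spec tun0 || true
printf '%s\n' "$SAMPLE_ETHER" | peer_spec fxp0 || true
```

On a live system the input would be `ifconfig fxp0 | peer_spec fxp0`. On a /30, `fxp0:network` also covers the interface's own address and the broadcast address, so it is broader than a single peer.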