On Thu, Feb 7, 2013 at 5:17 PM, sven falempin <sven.falem...@gmail.com>wrote:
> On Thu, Feb 7, 2013 at 10:09 AM, Stuart Henderson <s...@spacehopper.org> wrote:
>
>> On 2013/02/07 10:01, sven falempin wrote:
>> > On Thu, Feb 7, 2013 at 9:44 AM, Stuart Henderson <s...@spacehopper.org> wrote:
>> >
>> > > On 2013/02/07 09:26, sven falempin wrote:
>> > > > egress, vr0, ext are all the same, aren't they?
>> > >
>> > > Probably, but you didn't give enough information to be sure.
>> > >
>> > > For example if you have IPv6 via a tunnel interface (or perhaps
>> > > more importantly, if you later add it), then that will also be
>> > > in the egress group but might not have an IPv4 address and I
>> > > haven't tested to see how that works. Or if you have a lower
>> > > priority default route via another interface that you didn't
>> > > mention, then that could also be in 'egress'. Perhaps unlikely
>> > > but without the information I don't want to make assumptions.
>> > >
>> > > (Personally I do like using interface groups where I'm referring
>> > > to the interface, but try and tie things down a bit further for
>> > > IP addresses especially for NAT).
>> > >
>> > My problem is the time between an IP address change on an interface and
>> > the nat rules actually using the new address.
>> > For my rules I am happy with my ext, but I will test vr0 to see if it is
>> > faster.
>> > Or maybe dive into the source if I am bored.
>>
>> from the manpage section I quoted earlier:
>>
>> WHEN THE INTERFACE NAME IS SURROUNDED BY PARENTHESES, THE RULE IS
>> AUTOMATICALLY UPDATED WHENEVER THE INTERFACE CHANGES ITS ADDRESS.
>> THE RULESET DOES NOT NEED TO BE RELOADED. THIS IS ESPECIALLY
>> USEFUL WITH NAT.
>
> # cat -n /etc/pf.conf | grep nat
> 26 match out on vr0 from 192.168.42.0/24 to !(self) nat-to ext
> 28 match out on ext from 192.168.142.0/24 to !(self) nat-to ext
> # pfctl -nf /etc/pf.conf
> /etc/pf.conf:26: syntax error
> /etc/pf.conf:28: syntax error
>
> :-(
>
> --
> ---------------------------------------------------------------------------------------------------------------------
> () ascii ribbon campaign - against html e-mail
> /\

I meant:

# cat -n /etc/pf.conf | grep nat
26 match out on (vr0) from 192.168.42.0/24 to !(self) nat-to ext
28 match out on (ext) from 192.168.142.0/24 to !(self) nat-to ext
# pfctl -nf /etc/pf.conf
/etc/pf.conf:26: syntax error
/etc/pf.conf:28: syntax error
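Added example, not from the thread: pf.conf(5) accepts a parenthesized interface or group name only where an address is expected, so the manpage text quoted above applies to the address after nat-to rather than to the ifspec after "on". This assumes, as in the thread, that vr0 is the external interface and "ext" is an interface group containing it.

```pf
# Added example, not from the thread. Assumes vr0 is the external interface
# and "ext" is an interface group that contains it.

# Parentheses go in the address position (after nat-to). pf then tracks the
# interface's address itself, so the translation address follows an address
# change without a ruleset reload.
# "inet" keeps these rules IPv4-only, so an IPv6 address that later joins the
# group is never picked as a translation address (the caveat raised above).
match out on vr0 inet from 192.168.42.0/24 to !(self) nat-to (vr0)
match out on ext inet from 192.168.142.0/24 to !(self) nat-to (ext)

# The form pasted in the thread puts the parentheses after "on", where the
# grammar expects a bare interface or group name; pfctl -nf rejects it with
# "syntax error" on that line:
# match out on (vr0) from 192.168.42.0/24 to !(self) nat-to ext
```

Run `pfctl -nf /etc/pf.conf` after the change to confirm the ruleset parses before loading it.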