Re: Rules must be in order

Huzeyfe Onal Sat, 30 Dec 2006 23:43:57 -0800

Hi,

error says what sohuld you do:
"/etc/pf.conf:13: Rules must be in order: options, normalization, queueing,"


Your pf rules order is wrong. The order should be
like...Queue->NAT->Filtering...

new pf.conf ;
---
ext_if="lnc0"   # replace with actual external interface name i.e., dc0
int_if="lnc0"   # replace with actual internal interface name i.e., dc1
internal_net1="10.10.1.1/24"
internal_net2="10.10.2.1/24"

altq on lnc0 cbq bandwidth 128Kb  queue { internal_net1, internal_net2 }
queue internal_net2 bandwidth 64Kb cbq(default borrow)
queue internal_net1 bandwidth 64Kb cbq(red borrow)


nat on lnc0 from 10.10.1.0/24 to any -> 124.81.224.194
nat on lnc0 from 10.10.2.0/24 to any -> 124.81.224.194

pass out on lnc0 from any to any   queue (internal_net1, internal_net2)
pass in  on lnc0 from any to any   queue (internal_net1, internal_net2)

----



On 12/31/06, sukaca <[EMAIL PROTECTED]> wrote:

dear all

i just configure pf+altq
and got error masssage

this my config

ext_if="lnc0"   # replace with actual external interface name i.e., dc0
int_if="lnc0"   # replace with actual internal interface name i.e., dc1
internal_net1="10.10.1.1/24"
internal_net2="10.10.2.1/24"

altq on lnc0 cbq bandwidth 128Kb  queue { internal_net1, internal_net2 }
queue internal_net2 bandwidth 64Kb cbq(default borrow)
queue internal_net1 bandwidth 64Kb cbq(red borrow)

pass out on lnc0 from any to any   queue (internal_net1, internal_net2)
pass in  on lnc0 from any to any   queue (internal_net1, internal_net2)

nat on lnc0 from 10.10.1.0/24 to any -> 124.81.224.194
nat on lnc0 from 10.10.2.0/24 to any -> 124.81.224.194

the error is

pfctl -f /etc/pf.conf
/etc/pf.conf:13: Rules must be in order: options, normalization, queueing,
translation, filtering
/etc/pf.conf:14: Rules must be in order: options, normalization, queueing,
translation, filtering
pfctl: Syntax error in config file: pf rules not loaded

where is my wrong
and what should i do

thanks and regard

vicky
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"




--
Huzeyfe ÖNAL
EnderUnix Core Team Member
[EMAIL PROTECTED]
http://www.enderunix.org/huzeyfe
+90 555 255 4593

Ag guvenligi listesine uye oldunuz mu?
http://www.huzeyfe.net/netsec.html
---
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Rules must be in order

Reply via email to