On 06/04/07 23:03, snowcrash+freebsd wrote:
> hi,
> i've fbsd 6.2R/p5, with pf compiled into a custom kernel.
> on boot, pf is, apparently, not starting.
> but, if i exec
>     /etc/rc.d/pf start
> immediately after boot to prompt is done, then all's OK.
> the only related (?) messages -- error or otherwise -- i've found are
> on startup.
> any ideas/suggestions as to what might be the prob? and/or how to
> troubleshoot?
> thanks!
> for reference, from console output @ startup,
> ----------------------------------------
> ...
> sis0: link state changed to UP
> sis1: link state changed to UP
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>        inet6 fe80::1%lo0 prefixlen 64 sscopeid 0x5
>        inet6 ::1 prefisxlen 128
>        inet2 netma:sk 0xff000000
> sis0: flags=8843l<UP,BROADCAST,RUiNNING,SIMPLEX,MUnLTICAST> mtu 149k2
>        options=48<V LAN_MTU,POLLING>s
>        inet netmask 0xfafffff00 broadcastt
>        ether 00:00:12:d4:15:88
>        media:t Ethernet autoseolect (100baseTX  <full-duplex>)
>        status: active
>        options=48<VLAN_MTU,POLLING>
>        ether 00:00:12:d4:15:89
>        media: Ethernet autoselect (100baseTX <full-duplex>)
>        status: active
> Starting pflog.
> pflog0: promiscuous mode enabled
> Enabling pf.
> Jun  4 13:38:11 pflogd[479]: [priv]: msg PRIV_OPEN_LOG received
> pf enabled


Without seeing your pf.conf ruleset, I guess you're using a ppp
connection to your upstream provider and firewalling on the tunX
interface (using tun0 as $ext_if).

As FreeBSD boots up, this interface does not yet exist when pf is
loaded. As soon as ppp is loaded and interface tun0 has been created,
pf will happily load your ruleset.

The solution is to either have pf rules loaded late (later than ppp is
started) or use anchors and load ext rules into the anchor when the
ppp interface is up. The easier option is to have the rules load late
(check using rcorder) but this may also fail if something goes wrong
with ppp.
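
The anchor approach suggested in the reply, sketched as an added example (not part of the original thread or of FreeBSD's rc scripts). It assumes the main pf.conf declares an anchor named `ext`, that the tun0 rules live in a separate file, and that the function is called once ppp has brought the link up; the function name, anchor name and file path are hypothetical.

```shell
#!/bin/sh
# Added example: load interface-specific rules into a pf anchor only
# after the ppp interface exists, so the base ruleset can load at boot.
# Assumptions (not from the thread): pf.conf contains  anchor "ext"
# and the tun0 rules are kept in their own file, e.g. /etc/pf.ext.conf.

PFCTL=${PFCTL:-/sbin/pfctl}
IFCONFIG=${IFCONFIG:-/sbin/ifconfig}

# load_ext_anchor IFACE ANCHOR RULES [TRIES]
# Returns 0 on success, 1 if IFACE never appears, 2 if RULES is
# unreadable, 3 if pfctl rejects or fails to load the rules.
load_ext_anchor() {
    ifname=$1
    anchor=$2
    rules=$3
    tries=${4:-10}

    if [ ! -r "$rules" ]; then
        echo "load_ext_anchor: cannot read $rules" >&2
        return 2
    fi

    # ifconfig exits non-zero while the interface does not exist yet.
    n=0
    until $IFCONFIG "$ifname" >/dev/null 2>&1; do
        n=$((n + 1))
        if [ "$n" -ge "$tries" ]; then
            echo "load_ext_anchor: $ifname did not appear" >&2
            return 1
        fi
        sleep 1
    done

    # Parse only (-n) first so a syntax error is reported without
    # touching the anchor, then load the rules into the anchor.
    $PFCTL -a "$anchor" -n -f "$rules" || return 3
    $PFCTL -a "$anchor" -f "$rules" || return 3
    return 0
}

# Typical call from a link-up hook (hypothetical path):
#   load_ext_anchor tun0 ext /etc/pf.ext.conf
```

A non-zero return means the external rules are not in place, so the caller should log it rather than assume the interface is filtered.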

