On Wed, Jan 14, 2015 at 02:19:57PM +0800, Zhi-Qiang Lei wrote:
> My router powered by OpenBSD 5.6 is connecting to a WAN via PPPoE. After boot
> I have to run "pf -f /etc/pf.conf" to get NAT to work. Is PF loaded before
> the PPPoE is ready? How can I fix it? Thanks.
> 
> #       $OpenBSD: pf.conf,v 1.53 2014/01/25 10:28:36 dtucker Exp $
> #
> # See pf.conf(5) for syntax and examples.
> # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
> # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
> 
> # increase default state limit from 10'000 states on busy systems
> #set limit states 100000
> 
> set skip on lo
> 
> # filter rules and anchor for ftp-proxy(8)
> #anchor "ftp-proxy/*"
> #pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021
> 
> # anchor for relayd(8)
> #anchor "relayd/*"
> 
> block return    # block stateless traffic
> pass            # establish keep-state
> 
> # rules for spamd(8)
> #table <spamd-white> persist
> #table <nospamd> persist file "/etc/mail/nospamd"
> #pass in on egress proto tcp from any to any port smtp \
> #    rdr-to 127.0.0.1 port spamd
> #pass in on egress proto tcp from <nospamd> to any port smtp
> #pass in log on egress proto tcp from <spamd-white> to any port smtp
> #pass out log on egress proto tcp to any port smtp
> 
> 
> #block in quick from urpf-failed to any # use with care
> 
> # By default, do not permit remote connections to X11
> block return in on ! lo0 proto tcp to port 6000:6010
> 
> ext_if=pppoe0
> int_if=vether0
> lan=$int_if:network
> 
> pass out on $ext_if from $lan to any nat-to $ext_if
> 

Use

pass out on $ext_if from $lan to any nat-to ($ext_if)

which will update the nat-to address based on the address assigned to the
interface. Then you no longer need to update pf.conf when the IP changes.

-- 
:wq Claudio
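
A lint for the rule form discussed in this thread, as an added example that is not part of either message: without parentheses pf resolves the interface to its address once, when the ruleset is loaded, so the script flags `nat-to`/`rdr-to` targets that are a bare interface name or a macro expanding to one. The function names `lint_pf_nat` and `write_sample` are hypothetical, and the sample ruleset is constructed from the macros quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Flags nat-to/rdr-to targets that are a
# bare interface name (or a macro expanding to one), which pf resolves to an
# address once at load time. Only name+unit forms such as pppoe0 are matched;
# interface groups and address literals are ignored.

# lint_pf_nat FILE: print "LINENO: rule" per finding; return 1 if any found.
lint_pf_nat() {
    awk '
    /^[ \t]*#/ { next }                       # skip comment lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {  # macro definition: name=value
        eq = index($0, "=")
        name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
        val = substr($0, eq + 1);     gsub(/[ \t"]/, "", val)
        macro[name] = val
        next
    }
    {
        for (i = 1; i < NF; i++) {
            if ($i != "nat-to" && $i != "rdr-to") continue
            target = $(i + 1)
            if (target ~ /^\(/) continue      # (iface): tracked dynamically
            if (target ~ /^\$/) target = macro[substr(target, 2)]
            if (target ~ /^[a-z]+[0-9]+$/) { print NR ": " $0; bad = 1 }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the macros from the thread plus both forms of the rule.
write_sample() {
    cat > "$1" <<'EOF'
ext_if=pppoe0
int_if=vether0
lan=$int_if:network
pass out on $ext_if from $lan to any nat-to $ext_if
pass out on $ext_if from $lan to any nat-to ($ext_if)
EOF
}

sample=$(mktemp)
write_sample "$sample"
lint_pf_nat "$sample" || echo "static translation target found"
rm -f "$sample"
```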
