On Wed, Jun 20, 2007 at 10:47:43AM +0200, Henning Brauer wrote:
> * Brian A. Seklecki <[EMAIL PROTECTED]> [2007-06-20 07:39]:
> > Very bizarre. The only advice I can offer is that maybe it's getting
> > confused on "-> $nat_if" instead of the more-pragmatic "-> ($nat-if)".
> >
> > Perhaps the parse code is trying too hard to resolve $nat_if in the
> > former, and thus finding the underlying interface instead of the logical
> > upper layer vlan interface?
>
> no way.
>
> to the original poster, please show:
> 1) ifconfig -A

vlan109: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0e:0c:b2:e3:e3
        vlan: 109 priority: 0 parent interface: fxp1
        groups: vlan egress
        inet6 fe80::20e:cff:feb2:e3e3%vlan109 prefixlen 64 scopeid 0x10
        inet 192.168.13.1 netmask 0xfffffff8 broadcast 192.168.13.7

> 2) pf.conf
> 3) pfctl -nvf /etc/pf.conf
>
> specifically, compare the nat rule(s) in 2) and 3). you should see
> $nat_if replaced by an IP address. of course do NOT use ($nat_if) for
> that

Ahh. #3 shows the following:
  nat pass log on vlan109 inet6 from <tww_nets> to any -> fe80::20e:cff:feb2:e3e3
when #2 looks like:
  nat pass log on $nat_if from <tww_nets> to any -> $nat_if

And, #3 shows the following:
  nat pass log on vlan109 from <tww_nets> to any -> (vlan109) round-robin
when #2 looks like:
  nat pass log on $nat_if from <tww_nets> to any -> ($nat_if)

I guess pf picks the first address for the interface.

--
albert chin ([EMAIL PROTECTED])
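
The comparison suggested in the thread, as an added example that is not part of the original message: a shell function reads `pfctl -nvf` output on stdin and labels each nat rule's translation target as dynamic, static, or static link-local. The function names are hypothetical, and the sample input combines the two expanded rules quoted above with one constructed IPv4 line.

```shell
#!/bin/sh
# Added example: audit the translation target of every nat rule in the
# expanded ruleset printed by `pfctl -nvf /etc/pf.conf`.

# Sample input. The first two lines are the expanded rules quoted in the
# message; the third is constructed for illustration.
sample_expanded_rules() {
    cat <<'EOF'
nat pass log on vlan109 inet6 from <tww_nets> to any -> fe80::20e:cff:feb2:e3e3
nat pass log on vlan109 from <tww_nets> to any -> (vlan109) round-robin
nat pass log on vlan109 inet from <tww_nets> to any -> 192.168.13.1
EOF
}

# Reads expanded rules on stdin, prints "<kind> <target>" per nat rule.
classify_nat_targets() {
    awk '
    $1 == "nat" {
        target = ""
        # The translation target is the token right after "->".
        for (i = 1; i < NF; i++)
            if ($i == "->") { target = $(i + 1); break }
        if (target == "")
            next
        if (target ~ /^\(.*\)$/)
            kind = "dynamic"           # (ifname): address looked up at run time
        else if (tolower(target) ~ /^fe[89ab][0-9a-f]:/)
            kind = "static-linklocal"  # fe80::/10 literal, not routable off-link
        else
            kind = "static"            # literal address fixed at ruleset load
        print kind, target
    }'
}

# Stand-alone run on the sample; on a live system use instead:
#   pfctl -nvf /etc/pf.conf | classify_nat_targets
sample_expanded_rules | classify_nat_targets
```

A `static-linklocal` result corresponds to the first case in the message, where `-> $nat_if` expanded to the interface's fe80:: address.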