Hi - Maybe I've been looking at this too long... can someone tell me why this npf.conf is not providing gw service to 10.0.0.0/24 via 10.0.0.1, the wm0 interface? The npf host has fully functional gw via a wm1 interface on the 10.0.1.0/24 network.
# npfctl show
# filtering: active
# config: loaded

procedure "log"

map wm1 dynamic any -> 10.0.1.1 pass family inet4 from 10.0.0.0/24

group "external" on wm1
    pass stateful out final family inet4 from 10.0.0.0/24
    pass stateful out final all
    pass stateful in final family inet4 proto tcp flags S/FSRA to 10.0.1.1 port 22

group "internal" on wm0
    block return-icmp in all
    pass in final family inet4 from 10.0.0.0/24
    pass out final all

group
    pass final on lo0 all
    pass final on wm0 all
    block return-icmp all

# ifconfig -a |grep -E '(^wm|inet )' | grep -v 127.0
wm0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
wm1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 10.0.1.1 netmask 0xffffff00 broadcast 10.0.1.255

# netstat -finet -anr | grep -E '(link|default)'
default 10.0.1.1 UGS - - - wm1
10.0.1/24 link#2 UC - - - wm1
10.0.0/24 link#1 UC - - - wm0

Hosts on the 10.0.0.0/24 network configured to use the npf host as gw can reach the npf "external" 10.0.1.1 wm0 interface, but nothing else on 10.0.1.0/24 or beyond. What's missing?

Thanks!
-George

--
George Georgalis, (415) 894-2710, http://www.galis.org/