On 2013 Feb 07 (Thu) at 09:26:03 -0500 (-0500), sven falempin wrote:
:On Thu, Feb 7, 2013 at 8:47 AM, Peter Hessler <phess...@theapt.org> wrote:
:
:> On 2013 Feb 07 (Thu) at 13:44:22 +0000 (+0000), Stuart Henderson wrote:
:> :On 2013/02/07 08:29, sven falempin wrote:
:> :> Hello,
:> :>
:> :> I run OpenBSD 5.2 GENERIC#278 i386 for a while at home (wifi/router), and
:> :> since the release no reboot nor problem.
:> :> The Box is connected to a cable modem router that gives a public ip address
:> :> over dhcp or a local one if the line is cut.
:> :>
:> :> So sometimes my egress is 192.168.100.1 sometimes it is a public IP.
:> :>
:> :> I use the pf rules:
:> :> match out on ext from 192.168.4.0/24 to !(self) nat-to ext
:> :> and
:> :> # cat /etc/hostname.vr0
:> :> dhcp group ext
:> :>
:> :> This morning i had to reload the rules *manually* because after a lease
:> :> change the 'ext' was still the 'wait for connection' IP address, not the
:> :> new one :'( .
:> :>
:> :> 1360148793.967298 00:1d:b8:24:c0:40 64:10:f2:3f:eb:dd 0800 74:
:> :> 192.168.100.1 > 68.180.206.184: icmp: echo request
:> :> like, they re gonna be a reply !
:> :>
:> :> Afaik the dhcp client script is or will be disabled,
:> :>
:> :> can i do something to speed up the process of re-associating ext to the
:> :> good IP address when the box get a new lease ?
:> :
:> :From pf.conf(5):
:> :
:> :    Surrounding the interface name (and optional modifiers) in
:> :    parentheses changes this behaviour.  When the interface name is
:> :    surrounded by parentheses, the rule is automatically updated
:> :    whenever the interface changes its address.  The ruleset does not
:> :    need to be reloaded.  This is especially useful with nat.
:> :
:> :You may need to use (vr0) rather than (ext), not sure.
:> :
:>
:> (egress) does the right thing, btw.
:>
:> --
:> If money can't buy happiness, I guess you'll just have to rent it.
:>
:>
:Thank you for answers :-)
:
:egress, vr0 ext are all the same, aren't they ?
:
:i'll try to put egress, and see if the update time change (unless it is
:obvious in the code ?)
:
The egress group is added to whichever interface has a default route.
I prefer using this, so I don't need to worry which interface I am using.

--
Put no trust in cryptic comments.
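
The rule change discussed in this thread, as an added example that is not part of any poster's message: the original `nat-to ext` rule beside a form using the parenthesised syntax quoted from pf.conf(5). The LAN prefix and the `!(self)` destination are copied unchanged from the thread; the choice of `egress` in both positions follows the replies and is otherwise an assumption about the poster's setup.

```conf
# /etc/pf.conf fragment (added example, not from the thread)

# Before: the bare group name in nat-to is resolved to addresses when
# the ruleset is loaded. After a DHCP lease change, outbound packets
# keep the old source address (192.168.100.1 in the capture above)
# until the ruleset is reloaded by hand.
#
#   match out on ext from 192.168.4.0/24 to !(self) nat-to ext

# After: parentheses around the name make pf update the translation
# address whenever the interface address changes, so no reload is
# needed. "egress" is the group of the interface(s) holding a default
# route, so the rule does not depend on vr0 or on the custom "ext" group.
match out on egress from 192.168.4.0/24 to !(self) nat-to (egress)
```

After a lease change, `pfctl -s rules` prints the loaded ruleset, and a capture on the external interface should show the new public address as the source of outbound packets rather than the RFC 1918 one.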