First, the issue. I'm trying to assign and use multiple IPs on a single interface for my Freebsd 10.1 pf firewall.
The core issue that I'm having is that packets are being dropped when sourced from any IP, except the non-aliased IP (X.X.X.109 below). I'm testing this with a very simple
It should be noted that a
For a little bit of background, I'm currently attempting to move from ages old install of FreeBSD 8.1 to a new 10.1 box. The same configs, rc.conf and pf.conf, work fine on the 8.1 box. I'm able run the same ping referenced above on the 8.1 machine without issue.
Is there some config option I'm missing that's required in 10.1 that wasn't required in 8.1? I feel like there's some sysctl or something here that allows for sourcing from multiple IPs on an interface that was added somewhere along the way between 8.1 and 10.1...
Anyone have any ideas here?
Here's my semi-obfuscated snippet from my rc.conf:
The relevant portion of my pf.conf (I have everything setup correctly here, I'm fairly certain).
The core issue that I'm having is that packets are being dropped when sourced from any IP, except the non-aliased IP (X.X.X.109 below). I'm testing this with a very simple
ping -S X.X.X.105 8.8.8.8. Via a tcpdump, I see the packets going out to 8.8.8.8 and returning to the 105 address, but not actually making it back to "ping" itself. This means they are getting dropped somewhere... My first thought was that I had a broken rule wherein pf was dropping them. Since I had a block log all (see below) rule, I tcpdump -nni pflog0 and I don't see any of those packets landing there.It should be noted that a
ping -S X.X.X.109 8.8.8.8 works just fine.For a little bit of background, I'm currently attempting to move from ages old install of FreeBSD 8.1 to a new 10.1 box. The same configs, rc.conf and pf.conf, work fine on the 8.1 box. I'm able run the same ping referenced above on the 8.1 machine without issue.
Is there some config option I'm missing that's required in 10.1 that wasn't required in 8.1? I feel like there's some sysctl or something here that allows for sourcing from multiple IPs on an interface that was added somewhere along the way between 8.1 and 10.1...
Anyone have any ideas here?
Here's my semi-obfuscated snippet from my rc.conf:
Code:
ifconfig_vr0="inet X.X.X.109 netmask 255.255.255.248 media 100baseTX mediaopt full-duplex"
ifconfig_vr0_alias0="inet X.X.X.106 netmask 255.255.255.255"
ifconfig_vr0_alias1="inet X.X.X.107 netmask 255.255.255.255"
ifconfig_vr0_alias2="inet X.X.X.108 netmask 255.255.255.255"
ifconfig_vr0_alias3="inet X.X.X.105 netmask 255.255.255.255"
defaultrouter="X.X.X.110"The relevant portion of my pf.conf (I have everything setup correctly here, I'm fairly certain).
Code:
ext_if="vr0"
block log all
pass from $ext_if to any keep state
Last edited by a moderator:
