PF: no route to host

P

Plaetzchen

Hello all,
I have a 9.0 fw/dhcpd/pptp currently running ipf/ipnat but looking to switch to pf but having a route issue that I cannot seem to pin down.

ipf/ipnat are working great but whenever I switch to pf, I am unable to route to even myself. netstat -nr look the same using either so I cant see a problem there. It leads me to believe that it would be a pf.conf issue but being new to pf, I just don't see the problem.

I tried to keep the pf.conf as simple as possible and keep to the sample pf entries just so I can get anything to work. I can't even ping myself at this point. I really just hope that I've over looked something.

Any help would be much appreciated!

rc.conf
Code: 
#PF SETTINGS
pf_enable="YES"                        # Enable PF (load module if required)
pf_rules="/etc/pf.conf"                # rules definition file for pf
pf_flags=""                            # additional flags for pfctl startup
pflog_enable="YES"                     # start pflogd(8)
pflog_logfile="/var/log/pf.log"        # where pflogd should store the logfile
pflog_flags=""                         # additional flags for pflogd startup
pflogd_enable="YES"
pfsync_enable="NO"

pf.conf
Code: 
ext_if="xl0"
int_if="bge0"

set loginterface $ext_if

set skip on lo0

nat on $ext_if from !($ext_if) -> ($ext_if:0)

block in
pass out

pass quick on $int_if no state
antispoof quick for { lo $int_if }
 
Try this:
Code: 
ext_if="xl0"
int_if="bge0"

set loginterface $ext_if

set skip on lo0

nat on $ext_if from !($ext_if) -> ($ext_if:0)

block all

pass out on $ext_if from any to any keep state
 
Hey SirDice,

No luck on the modified pf.conf, I tried pinging my bge0, xl0 and telneting to an open console port on lo0 with no success

I also tried...
Code: 
ext_if="xl0"
int_if="bge0"

set loginterface $ext_if

set skip on lo0

nat on $ext_if from !($ext_if) -> ($ext_if:0)

#block all
pass all
pass out on $ext_if from any to any keep state

but this also did not help..

a few more notes:

pfctl -s rules (with recommend pf.conf)
Code: 
block drop all
pass out on xl0 all flags S/SA keep state
rc.conf
Code: 
hostname="FIRE.my.domain"
keymap="us.iso.kbd"

#WAN interface xl0 (card)
ifconfig_xl0="DHCP"

#LAN interface bge0 (mtb)
ifconfig_bge0="inet 192.168.6.254 netmask 255.255.255.0"

ftpd_enable="YES"
sshd_enable="YES"
gateway_enable="YES"

# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"

#IPF/IPNAT SETTINGS
#ipfilter_enable="YES"
#ipnat_enable="YES"

#DHCPD
dhcpd_enable="YES"
dhcpd_ifaces="bge0"

#DARKSTAT MONITORING PORT 667
darkstat_enable="YES"
darkstat_interface="xl0"                #Monitoring Interface
darkstat_flags="-b 192.168.6.254"       #667 binding address

# MPD5
mpd_enable="YES"
mpd_flags="-b -s mpd5"

# X11 modules
hald_enable="YES"
dbus_enable="YES"

# PF SETTINGS
pf_enable="YES"                         # Enable PF (load module if required)
pf_rules="/etc/pf.conf"                # rules definition file for pf
pf_flags=""                             # additional flags for pfctl startup
pflog_enable="YES"                             # start pflogd(8)
pflog_logfile="/var/log/pf.log"        # where pflogd should store the logfile
pflog_flags=""                          # additional flags for pflogd startup
pflogd_enable="YES"
pfsync_enable="NO"
netstat -nr
Code: 
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            a.b.c.1            UGS         0       24    xl0
a.b.c.0/20         link#7             U           0        0    xl0
a.b.d.e            link#7             UHS         0        0    lo0
127.0.0.1          link#9             UH          0        3    lo0
192.168.6.0/24     link#1             U           0       15   bge0
192.168.6.254      link#1             UHS         0        0    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               ::1                           UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%bge0/64                    link#1                        U          bge0
fe80::214:22ff:fe61:45f9%bge0     link#1                        UHS         lo0
fe80::%lo0/64                     link#9                        U           lo0
fe80::1%lo0                       link#9                        UHS         lo0
ff01::%bge0/32                    fe80::214:22ff:fe61:45f9%bge0 U          bge0
ff01::%lo0/32                     ::1                           U           lo0
ff02::/16                         ::1                           UGRS        lo0
ff02::%bge0/32                    fe80::214:22ff:fe61:45f9%bge0 U          bge0
ff02::%lo0/32                     ::1                           U           lo0
 
FIXED...
So for giggles, I realized that I was still using the 9.0-RELEASE and so I updated to 9.0-RELEASE-p3 and all seems to be working now. I had looked this up but I didn't see any changes related to this explicitly and so I didn't feel the need to update. Lesson learned. again...

Thanks for the help SirDice!
 
You must log in or register to reply here.
Back
Top