Hello,

I am running an OpenBSD 3.4 firewall on i386 and got PPP running in background for my PPPoE ADSL connection. I've also got rules in pf.conf to filter traffic and such. From what I understood I need to use tun0 in my pf.conf rules. The problem is that when I reboot OpenBSD I get some error messages from PF that tells me that tun0 is not ready. This is quite logical as the ppp process hasn't started yet. I put my ppp process in /etc/rc.local and it looks like pf rules get started before.

Is this normal? How can I resolve this issue?

Thanks
Regards

Syn wrote:
> Hello,
>
> I am running an OpenBSD 3.4 firewall on i386 and got PPP running in
> background for my PPPoE ADSL connection. I've also got rules in pf.conf
> to filter traffic and such. From what I understood I need to use tun0 in
> my pf.conf rules. The problem is that when I reboot OpenBSD I get some
> error messages from PF that tells me that tun0 is not ready. This is
> quite logical as the ppp process hasn't started yet. I put my ppp
> process in /etc/rc.local and it looks like pf rules get started before.
>
> Is this normal? How can I resolve this issue?
>
> Thanks
> Regards
>

Is it complaining about nat/rdr? If so, put your interface in parentheses like this:

# Nat the internal lan
nat on tun0 from $MYNET to any -> (tun0)

HTH.

bards wrote:
>
> Is it complaining about nat/rdr? If so, put your interface in
> parentheses like this:
>
> # Nat the internal lan
> nat on tun0 from $MYNET to any -> (tun0)

I don't know if it's nat that he's complaining about but he is complaining but nothing more.

I will try then surrounding the interface name with parentheses. Is that only for NAT rules or do I need to do that for other filter/altq and such?

Regards

Syn wrote:
> bards wrote:
>
>>
>> Is it complaining about nat/rdr? If so, put your interface in
>> parentheses like this:
>>
>> # Nat the internal lan
>> nat on tun0 from $MYNET to any -> (tun0)
>
> I don't know if it's nat that he's complaining about but he is
> complaining but nothing more.
>
> I will try then surrounding the interface name with parentheses. Is that
> only for NAT rules or do I need to do that for other filter/altq and such?
>
> Regards
>

Just the nat rules seemed to do the trick for me. In fact I'm sure I tried for the regular rules etc. and it complained loudly. I just checked my pf.conf and it only appears in the RHS of the 'NAT' lines.

Cheers,
Bards.

bards wrote:
> Just the nat rules seemed to do the trick for me. In fact I'm sure I
> tried for the regular rules etc. and it complained loudly. I just checked
> my pf.conf and it only appears in the RHS of the 'NAT' lines.

Thanks again for the tip, I'm going to try that out!

Regards

"bards" <bards1888@yahoo.com.au.au> wrote in message news:bs6hd2$1gsb$1@otis.netspace.net.au...
> Syn wrote:
> > Hello,
> >
>
> Is it complaining about nat/rdr? If so, put your interface in
> parentheses like this:
>
> # Nat the internal lan
> nat on tun0 from $MYNET to any -> (tun0)
>

It is still complaining with this setup. My workaround is to assign another interface (e.g. fxp0) to it during the system booting stage (when tun0 is not UP), and when it has finished the booting stage, use /etc/ppp/ to call another pf.conf file.

In my case, I put the following line in the /etc/ppp/ppp.linkup file:

! sh -c "/sbin/pfctl -e -F all -f /etc/pf.conf.strict-f"

pf.conf.strict-f has the correct interface (tun0) assigned to the nat rule.

Since I've turned on ppp dial-up in /etc/rc.local with the following command:

/usr/sbin/ppp -ddial pppoe

this command will invoke the script in /etc/ppp/, the ppp.linkup file, if ppp.conf is called successfully; therefore tun0 will be turned on by ppp.conf. When tun0 is turned on, /etc/ppp/ppp.linkup is invoked, and now the pfctl command should complete the re-initialisation of the pf.conf.strict-f rule successfully.

sam

>
> HTH.
>
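
A guarded variant of the ppp.linkup reload described in the last post, as an added example that is not part of the thread: it waits until the interface has an address, parses the ruleset with `pfctl -n` first, and replaces the running rules only if the file is valid. The script name `pf-reload.sh`, the function names and the `TRIES`/`WAIT_SECS` variables are assumptions; the rules file name is the one used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical script name:
# /etc/ppp/pf-reload.sh, called from ppp.linkup once the link is up.

PFCTL=${PFCTL:-/sbin/pfctl}
IFCONFIG=${IFCONFIG:-/sbin/ifconfig}
RULES=${RULES:-/etc/pf.conf.strict-f}   # file name taken from the thread

# Return 0 once the interface reports an IPv4 address, 1 after $2 tries.
wait_for_addr() {
    ifc=$1
    tries=${2:-10}
    while [ "$tries" -gt 0 ]; do
        if "$IFCONFIG" "$ifc" 2>/dev/null | grep -q 'inet '; then
            return 0
        fi
        tries=$((tries - 1))
        sleep "${WAIT_SECS:-1}"
    done
    return 1
}

# Parse the ruleset first (-n loads nothing). The running rules are only
# replaced when the file is valid, so a broken file never displaces them.
reload_pf() {
    ifc=$1
    rules=$2
    wait_for_addr "$ifc" "${TRIES:-10}" ||
        { echo "$ifc has no address yet" >&2; return 2; }
    "$PFCTL" -n -f "$rules" ||
        { echo "$rules failed to parse, keeping current rules" >&2; return 3; }
    "$PFCTL" -f "$rules" || return 4
    "$PFCTL" -e 2>/dev/null || true   # -e returns an error if pf is already enabled
    return 0
}

# Run only when called with an interface name, e.g. from ppp.linkup:
#   ! sh -c "/etc/ppp/pf-reload.sh tun0"
if [ -n "${1:-}" ]; then
    reload_pf "$1" "$RULES"
fi
```

The non-zero return codes (2, 3, 4) distinguish "link not ready", "ruleset invalid" and "load failed".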