Re: No pf....route exists

From: Peter N. M. Hansteen (peter_at_bgnett.no)
Date: 05/24/05

• Next message: M.K.: "3.7/i386 prob's building sendmail"
• Previous message: Keith Matthews: "Re: Books on BSD source - date relevance?"
• In reply to: Inquiry: "No pf....route exists"
• Next in thread: Inquiry: "Re: No pf....route exists"
• Reply: Inquiry: "Re: No pf....route exists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 24 May 2005 09:52:05 +0200

"Inquiry" <openbsd_inquiry@yahoo.com> writes:

> - using a standalone host
> - a route has been set within the system according to the route command
> - I am connecting to the Internet with no firewall at this time...once
> pfctl invokes pf.conf "pfctl -e -f /etc/pf.conf" no packets route.

It looks to me like you are making things overly complicated. (One of
the errors is very easy to explain btw - the _ppp user does not have the
privileges to run the pfctl command.)

For one thing, why is it useful to enable or disable pf? pf does not
consume a lot of resources, and compensating for dynamically assigned IP
addresses does not take major magic.

If you are able to connect to the internet without pf, I'd say you have
a reasonable starting point. Go back to the last working setup (the
last one which connected cleanly), strip away anything you're not
positive you need, such as the route commands in rc.local. ppp is pretty
good at setting sensible default routes, and IIRC the default HISADDR
etc belongs strictly in the ppp config files, so you may be setting
yourself up with a default route going essentially nowhere with your
rc.local. Take it from there, create a nice rule set which does its
filtering on the tun0 device.

It's possible my evolving pf tutorial at http://www.bgnett.no/~peter/pf/
is useful.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"

• Next message: M.K.: "3.7/i386 prob's building sendmail"
• Previous message: Keith Matthews: "Re: Books on BSD source - date relevance?"
• In reply to: Inquiry: "No pf....route exists"
• Next in thread: Inquiry: "Re: No pf....route exists"
• Reply: Inquiry: "Re: No pf....route exists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Wireless AND ethernet to same router ... how are the Metrics fixed? ... Metrics are set by the ROUTE command. ... METRIC value with the route command and force the traffic to go via ... METRIC is totally hardware specific. ... (alt.internet.wireless) Re: Linux Routing Woes ... >The following routing table is from my Solaris box: ... It keeps placing 0.0.0.0 for the host route: ... With this route table the Linux box will route all 172.16.24.0 ... the host route command was used above, ... (comp.os.linux.networking) Re: need help with route command ... A route command specifies ... If you are using the Microsoft VPN client, ... > ISP to my linksys wrv54G) and want to route PARTIAL web and POP/SMTP ... > VPN tunnel to my home, then to the Internet from the home connection. ... (microsoft.public.win2000.ras_routing) Re: bug in route command? ... Is there a bug in the route command that causes the specification ... > It produces a syntax error message. ... > following modifiers may be used: ... (comp.unix.bsd.openbsd.misc) Re: Help routing ... > Im setting up a serial line connection and i am unable to ping because it says no host. ... > Do i need to add a route command like this? ... (freebsd-questions)

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint