Re: stateful npf

To: netbsd-users%netbsd.org@localhost
Subject: Re: stateful npf
From: Patrick Welche <prlw1%cam.ac.uk@localhost>
Date: Wed, 18 Apr 2018 13:06:37 +0100

Another attempt at npf state on -current/amd64.

ext iwn0: 10.168.5.65
int wm0:  192.168.2.62

Toy ipf setup works as expected:

# cat /etc/ipnat.conf
map iwn0 192.168.2.0/24 -> 10.168.5.65 portmap tcp/udp 40000:6000
map iwn0 192.168.2.0/24 -> 10.168.5.65
# cat /etc/ipf.conf
block in on wm0 all
pass in proto tcp from any to 10.168.5.4 port = 80 flags S/SA keep state


I hope this is the equivalent in npf:

# cat /etc/npf.conf
map iwn0 dynamic 192.168.2.0/24 -> 10.168.5.65

group "ext" on wm0 {
  block in all
  pass stateful in proto tcp flags S/SA from any to 10.168.5.4 port 80
}

group default {
  pass all
}


test: plug NetBSD-running rpi into wm0 as 192.168.2.26 and grab web page
from another NetBSD/amd64 webserver, 10.168.5.4. Webpage arrives with ipf,
but not with npf.


Cheers,

Patrick

Follow-Ups:
- Re: stateful npf
  - From: atomicules

References:
- stateful npf
  - From: Patrick Welche
- Re: stateful npf
  - From: Patrick Welche

Prev by Date: Re: lang/swi-prolog-lite : lighter still
Next by Date: Re: stateful npf
Previous by Thread: Re: stateful npf
Next by Thread: Re: stateful npf
Indexes:

Home | Main Index | Thread Index | Old Index