Re: Netbsd 6 NPF npfctl stats and logging

[Mike <miguelmclara%gmail.com@localhost>]

Em 19-06-2012 12:18, Mindaugas Rasiukevicius escreveu:
> Hello,
> 
> "Mike C." <miguelmclara%gmail.com@localhost> wrote:
>> I've been testing with NPF, but since I could not find much
>> documentation except the man pages I have some doubts.
>>
>> ...
>>
>> And if I may add another question, I get this error:
>> # npfctl
>> reload
> 
> Did you run "npfctl start" after (re)load?
>

I did and it didn't work, no I'm getting a kernel panic when starting
it, I guess I should wait for the changes on netbsd-6 or try this on
current.

>>
>> /etc/npf.conf:15:47: multiple addresses are not valid near '$ext_if'
>>
>> what's the correct syntax in this case? I've tried:
> 
> It should be clarified, but the reason is that $ext_if has multiple IP
> addresses (if IPv6 is enabled, that is already the case).  Therefore, NPF
> does not know which address to use for the translation.  Try to specify
> the address explicitly.  More convenient way to select some address of
> an interface would be useful (suggestions for syntax are welcome).
>

Yes I did that, because this interface is dhcp assigned, and it worked.
Btw on pf.conf the syntax for this scenario would be to use "()" like ->
($ext_if)

> Note that the syntax has changed in -current (they will also appear in
> netbsd-6 once the changes are pulled up).  Check the man page for the
> changes.  Your NAPT rule would be the following (where $nataddr is your
> external/translation address):
> 
> map $ext_if dynamic $localnet -> $nataddr
> 

Nice to know, well more and more I think it might be best to move to
-current

Thanks for the help