Re: Netbsd 6 NPF npfctl stats and logging

To: "Mike C." <miguelmclara%gmail.com@localhost>
Subject: Re: Netbsd 6 NPF npfctl stats and logging
From: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Date: Tue, 19 Jun 2012 12:18:33 +0100

Hello,

"Mike C." <miguelmclara%gmail.com@localhost> wrote:
> I've been testing with NPF, but since I could not find much
> documentation except the man pages I have some doubts.
> 
> ...
> 
> And if I may add another question, I get this error:
> # npfctl
> reload

Did you run "npfctl start" after (re)load?

> 
> /etc/npf.conf:15:47: multiple addresses are not valid near '$ext_if'
> 
> what's the correct syntax in this case? I've tried:

It should be clarified, but the reason is that $ext_if has multiple IP
addresses (if IPv6 is enabled, that is already the case).  Therefore, NPF
does not know which address to use for the translation.  Try to specify
the address explicitly.  More convenient way to select some address of
an interface would be useful (suggestions for syntax are welcome).

Note that the syntax has changed in -current (they will also appear in
netbsd-6 once the changes are pulled up).  Check the man page for the
changes.  Your NAPT rule would be the following (where $nataddr is your
external/translation address):

map $ext_if dynamic $localnet -> $nataddr

-- 
Mindaugas

Follow-Ups:
- Re: Netbsd 6 NPF npfctl stats and logging
  - From: Mike

References:
- Netbsd 6 NPF npfctl stats and logging
  - From: Mike C.

Prev by Date: Re: Specifying names for tap interfaces
Next by Date: Re: Netbsd 6 NPF npfctl stats and logging
Previous by Thread: Netbsd 6 NPF npfctl stats and logging
Next by Thread: Re: Netbsd 6 NPF npfctl stats and logging
Indexes:

Home | Main Index | Thread Index | Old Index