Mike C.
2012-06-19 00:40:09 UTC
Hi all,
I've been testing with NPF, but since I could not find much
documentation except the man pages I have some doubts.
First, and if this somehow changes anything, I'd like to mention that I'm testing
this on a NetBSD 6.0 BETA 2 Xen domU.
I've recompiled the kernel adding npf support but I can't seem to get
the logging working, nor do I see anything in npfctl stats.
npfctl stats
Packets passed:
0 default pass
0 ruleset pass
0 session pass
Packets blocked:
0 default block
0 ruleset block
Session and NAT entries:
0 session allocations
0 session destructions
0 NAT entry allocations
0 NAT entry destructions
Invalid packet state cases:
0 cases in total
0 TCP case I
0 TCP case II
0 TCP case III
Packet race cases:
0 NAT association race
0 duplicate session race
Rule processing procedure cases:
0 packets logged
0 packets normalized
Unexpected error cases:
0
tcpdump shows nothing for the interface npflog0, the interface is created
and UP:
# ifconfig npflog0
npflog0: flags=1<UP>
Am I missing anything trivial? If so sorry for taking your time, but any
help will be very much appreciated.
I'm just using the example config in the man page.
And if I may add another question, I get this error:
# npfctl reload
/etc/npf.conf:15:47: multiple addresses are not valid near '$ext_if'
What's the correct syntax in this case? I've tried:
nat $ext_if from 192.168.100.0/24 to any -> ($ext_if)
But in this case it complains about the "(" so it's obviously not the
correct syntax!
Thank you
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de