Thursday, July 04, 2024

Re: Packet filter can't NAT devices 2 hops away?

Greetings,

Thanks so much to Zeloff and Stuart Henderson; I managed to solve the
problem.

> Standard PF diagnosis tools are to add "log" to various rules, or add
> "match log(matches)" to the top of the ruleset, and tcpdump -nei pflog0,
> but N.B. due to a bug in (iirc) 7.3 to 7.5 the rule numbers printed by
> tcpdump will be wrong if you have any anchors in the ruleset - that's
> fixed in -current.

After logging all icmp packets and running tcpdump on pflog0, I realized
that packet filter was filtering R5's packets on the veb35 interface.
The mistake I made was setting the veb interfaces to link1. This caused
packet filter to filter them really early in some way I didn't expect.
Once I removed link1 from the veb interfaces, NAT worked just fine.

So it was my configuration error, thanks again.

--
jrmu
IRCNow (https://ircnow.org)
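For readers who hit the same symptom, here is a minimal NAT ruleset with the diagnostic logging Stuart describes (the "match log(matches)" line and "log" on the pass/block rules). This is an added example, not configuration from the thread or from jrmu's setup; the macro names, the internal interface "vio1" and the 10.35.0.0/24 subnet are assumptions, and "egress" is the pf interface group for the default-route interface.

```conf
# /etc/pf.conf -- added example, not the original poster's ruleset.
# The goal is to see, on pflog0, exactly which rule handles R5's packets
# and on which interface, so a misplaced block (or a veb port filtering
# frames earlier than expected) shows up immediately.

ext_if  = "egress"          # interface group: whichever interface carries the default route
int_if  = "vio1"            # assumed internal interface towards the bridged LAN
lan_net = "10.35.0.0/24"    # constructed example subnet behind R5

set skip on lo

# Log every rule a packet matches, not just the final verdict.
# Remove this line once the problem is understood; it is noisy.
match log(matches) all

# Source NAT for the LAN on the way out. "match" sets the translation;
# the later "pass out" rule actually allows the packet.
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# Default deny, logged, so dropped packets are visible on pflog0.
block log all

# Allow the LAN in on the internal interface and everything out on egress.
pass in  log on $int_if inet from $lan_net to any
pass out log on $ext_if inet
```

Check the syntax with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and watch the decisions with `tcpdump -nei pflog0 icmp` while pinging from the far router. If packets are being filtered on a veb port rather than on `$int_if`, that is a hint the veb interface carries the link1 flag; `ifconfig veb35` shows the flags and `ifconfig veb35 -link1` clears it.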
