home router with internal services available question [SOLVED] - followup

rance at frontiernet.net rance at frontiernet.net
Tue Mar 6 15:41:28 UTC 2007

First, thanks to Volker and Greg.

I did find an answer

I want to summarize it and then ask a second question.

Volker was right, it was a pass in proto udp rule that was needed, but as
near as I could figure the bootps rule was not working for me.

So I added this rule to my firewall script:

pass in log on $int_if proto udp from any to self keep state

This rule allows dhcp to work, but as I understand it, it would also allow
tftp and network boot to work as well, as in all those cases the tcp stack
has not been configured yet.

Thanks for the hint Volker.

Greg suggested that I do a tcpdump -s 96 -nleti pflog0 to see what was  
going on.

I tried that and got no data captured, not a single entry.

One of my /etc/rc.conf variables is pflog_path="/var/log/pflog"

and that file has data in it, but it is hex data I'm assuming, as ascii
tools didn't work to read the file.

OK, so my network is working, thank you,

but the tools that have been suggested to troubleshoot don't seem to work.

And I honestly don't know enough here to ask a good question, tcpdump  
found the pflog0 interface and warned that no ip address was  
configured, something that makes some sense so didn't really concern me.

Once again, can you point me in the right direction please.
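
On the binary /var/log/pflog file mentioned above: pflogd writes it in tcpdump (pcap) capture format with link type DLT_PFLOG, so it is read back with tcpdump -r rather than with text tools. The parser below is an added example, not part of the original message; the sample bytes, the interface name fxp1 and the rule number are constructed, and the pfloghdr field layout it reads (length, af, action, reason, ifname, ruleset, rulenr) is an assumption about the header prefix.

```python
import struct

DLT_PFLOG = 117                      # libpcap link type used by pflogd
ACTIONS = {0: "pass", 1: "block"}    # PF_PASS, PF_DROP


def read_pflog(data):
    """Return (timestamp, ifname, rule number, action) per logged packet."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                    # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a pcap capture file")
    (linktype,) = struct.unpack(end + "I", data[20:24])
    if linktype != DLT_PFLOG:
        raise ValueError("link type %d is not DLT_PFLOG" % linktype)
    records, off = [], 24
    while off + 16 <= len(data):
        ts, _us, caplen, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 40:
            continue                 # too short to hold the fields below
        # Assumed pfloghdr prefix: length, af, action, reason, ifname[16],
        # ruleset[16], rulenr (rulenr is stored in network byte order).
        _len, _af, action, _reason, ifname, _rs, rulenr = struct.unpack(
            "!BBBB16s16sI", pkt[:40])
        name = ifname.split(b"\0", 1)[0].decode("ascii", "replace")
        records.append((ts, name, rulenr, ACTIONS.get(action, str(action))))
    return records


def sample_capture():
    """Constructed capture: one packet blocked by rule 3 on fxp1."""
    pfhdr = struct.pack("!BBBB16s16sIIB3x", 45, 2, 1, 0, b"fxp1", b"", 3,
                        0xFFFFFFFF, 1)
    pkt = pfhdr + b"\x45" + b"\x00" * 27          # placeholder IP/UDP bytes
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, DLT_PFLOG)
    rhdr = struct.pack("<IIII", 1173195688, 0, len(pkt), len(pkt))
    return ghdr + rhdr + pkt


if __name__ == "__main__":
    for rec in read_pflog(sample_capture()):
        print(rec)
```
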
