UDP weirdness
Kevin K
kkutzko at teksavvy.com
Wed May 7 17:55:24 UTC 2008
Try pass out proto udp from any to any port 53
> -----Original Message-----
> From: owner-freebsd-pf at freebsd.org [mailto:owner-freebsd-
> pf at freebsd.org] On Behalf Of Ansar Mohammed
> Sent: Wednesday, May 07, 2008 1:34 PM
> To: freebsd-pf at freebsd.org
> Subject: UDP weirdness
>
> I have a very simple configuration yet I am bemused as to what I am doing
> wrong.
>
>
> Windows 2003 <-         FreeBSD-PF         -> Windows 2003
> 192.168.3.2     192.168.3.1    192.168.2.2    192.168.2.130
>
> Here are my rules
>
>
> ext_if="le0"
> int_if="le1"
> int_net="192.168.3.0/24"
> ext_net="192.168.2.0/24"
> int_addr="192.168.3.1"
> ext_addr="192.168.2.2"
> scrub on $ext_if all reassemble tcp
> scrub on $int_if all reassemble tcp
> block in log all
> pass in proto icmp from any to any
> pass in proto udp from any to any port 53
> pass in on $ext_if inet proto tcp from any to any port 3389
>
>
> DNS traffic is allowed through but the return packet gets blocked. Can
> anyone explain why?
> This is true on ALL UDP traffic. TCP traffic works well.
>
> Pflog message:
>
> 065276 rule 0/0(match): block in on le1: 192.168.3.2.53 > 192.168.2.130.3837: [|domain]
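
An added example, not part of either message: a small Python model of pf's last-match rule evaluation applied to the quoted filter rules, tracing the DNS query and its reply through each filtering point. It evaluates statelessly, assuming no state entry covers the reply, which is what the pflog line indicates; the tuple layout and function names are constructed for illustration.

```python
# Constructed model of the filter rules quoted above (scrub lines omitted).
# Tuple: (action, direction, interface or None, protocol or None, dst port or None)
RULES = [
    ("block", "in", None, None, None),    # 0: block in log all
    ("pass", "in", None, "icmp", None),   # 1: pass in proto icmp from any to any
    ("pass", "in", None, "udp", 53),      # 2: pass in proto udp from any to any port 53
    ("pass", "in", "le0", "tcp", 3389),   # 3: pass in on $ext_if inet proto tcp ... port 3389
]


def evaluate(direction, iface, proto, dport):
    """Return (action, rule_number); the last matching rule wins (no 'quick')."""
    verdict = ("pass", None)  # pf's implicit default when no rule matches
    for num, (action, r_dir, r_if, r_proto, r_dport) in enumerate(RULES):
        if r_dir != direction:
            continue
        if r_if is not None and r_if != iface:
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_dport is not None and r_dport != dport:
            continue
        verdict = (action, num)
    return verdict


def trace_dns_exchange():
    """Walk the query (to port 53) and its reply (to port 3837) hop by hop."""
    hops = [
        ("query in on le0", "in", "le0", "udp", 53),
        ("query out on le1", "out", "le1", "udp", 53),
        ("reply in on le1", "in", "le1", "udp", 3837),  # packet from the pflog line
    ]
    return [(label, *evaluate(d, i, p, dport)) for label, d, i, p, dport in hops]


if __name__ == "__main__":
    for label, action, rule in trace_dns_exchange():
        print(f"{label:17} -> {action} (rule {rule})")
```

The reply's destination port is the client's ephemeral port 3837, so the only rule it matches is rule 0, the same rule number reported in the pflog line.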