UDP weirdness

Kevin K kkutzko at teksavvy.com
Wed May 7 17:55:24 UTC 2008


Try pass out proto udp from any to any port 53

> -----Original Message-----
> From: owner-freebsd-pf at freebsd.org [mailto:owner-freebsd-pf at freebsd.org] On Behalf Of Ansar Mohammed
> Sent: Wednesday, May 07, 2008 1:34 PM
> To: freebsd-pf at freebsd.org
> Subject: UDP weirdness
> 
> I have a very simple configuration yet I am bemused as to what I am doing wrong.
> 
> 
> Windows 2003      <- FreeBSD-PF ->                Windows 2003
> 192.168.3.2       192.168.3.1   192.168.2.2       192.168.2.130
> Here are my rules
> 
> 
> ext_if="le0"
> int_if="le1"
> int_net="192.168.3.0/24"
> ext_net="192.168.2.0/24"
> int_addr="192.168.3.1"
> ext_addr="192.168.2.2"
> scrub on $ext_if all reassemble tcp
> scrub on $int_if all reassemble tcp
> block in log all
> pass in  proto icmp from any to any
> pass in proto udp from any to any port 53
> pass in on $ext_if inet proto tcp from any to any port 3389
> 
> 
> DNS traffic is allowed through, but the return packet gets blocked. Can anyone explain why?
> This is true of ALL UDP traffic; TCP traffic works well.
> 
> Pflog message:
> 
> 065276 rule 0/0(match): block in on le1: 192.168.3.2.53 > 192.168.2.130.3837: [|domain]
> 
> 
> 
> 
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
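
The pflog line in the question is the useful clue: the DNS reply (source port 53, destination port 3837) arrives inbound on le1 and is matched by rule 0, which in the posted ruleset is "block in log all". That means no state entry matched it. A stateless "pass in proto udp from any to any port 53" matches the query (destination port 53) but not the reply, whose destination port is ephemeral, so the reply falls through to the block rule on the other interface. The fix is to make the pass rule create state so that the reply is matched against the state table rather than the rule list. The ruleset below is an added example, not code from the original post or from the FreeBSD project; it assumes the topology drawn in the question (DNS server 192.168.3.2 behind le1, client 192.168.2.130 on the le0 side) and introduces a $dns_server macro that is not in the original. "keep state" is the default for pass rules in pf from OpenBSD 4.1 and FreeBSD 7.0 onward; writing it out is harmless there and required on older releases, where pass rules were stateless.

```pf
# Added example (not from the original post): the posted ruleset rewritten
# to track state. Assumes the topology in the question: DNS server at
# 192.168.3.2 behind $int_if, client at 192.168.2.130 on the $ext_if side.
ext_if="le0"
int_if="le1"
int_net="192.168.3.0/24"
ext_net="192.168.2.0/24"
int_addr="192.168.3.1"
ext_addr="192.168.2.2"
dns_server="192.168.3.2"      # assumed from the pflog line in the question

scrub on $ext_if all reassemble tcp
scrub on $int_if all reassemble tcp

# Default deny for inbound traffic on every interface, logged so that
# tcpdump on pflog0 shows exactly which packets were dropped.
block in log all

# Stateless form, as posted. It matches the query (dst port 53) on le0,
# but the reply (src port 53, dst port ephemeral) arriving on le1 does not
# match "to any port 53" and is dropped by the block rule above.
#   pass in proto udp from any to any port 53

# Stateful form: the query creates a state entry; the reply on the other
# interface is matched against that entry, not against the rules. The rule
# is also scoped to the interface, the source network and the one host that
# should be answering DNS, instead of "any to any".
pass in on $ext_if inet proto udp from $ext_net to $dns_server port 53 keep state

# Same treatment for the other services: create state on the first packet
# and limit the rule to the interface and hosts that should see it.
pass in on $ext_if inet proto tcp from $ext_net to $int_net port 3389 flags S/SA keep state
pass in inet proto icmp all icmp-type echoreq keep state
```

To check a ruleset before loading it, run "pfctl -nf /etc/pf.conf" (parse only), then "pfctl -f /etc/pf.conf" to load it. "pfctl -sr" prints the loaded rules in order, which is how to map "rule 0" in a pflog line back to the rule that matched, and "pfctl -ss" lists the state table, so a DNS query that was passed but whose reply still gets blocked shows up as a missing udp state entry. "tcpdump -n -e -ttt -i pflog0" shows the dropped packets together with the rule number and interface, as in the line quoted above.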
