[Bug 206143] DLINK DUB-E100 revision C1 can't reach destination

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jan 21 01:53:16 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206143

--- Comment #26 from Anatoly <anatoly at kazanfieldhockey.ru> ---
I see no problem with the rules, but they refer to two address tables that
are used as "blacklists": snort2c and webConfiguratorlockout. Can you show me
the contents of those tables (with ue0 as lan):
#pfctl -t snort2c -T show
#pfctl -t webConfiguratorlockout -T show
And your nat/redirect rules also:
#pfctl -s nat

The other situation I can think of is if ue0 disappears from the system (for
some USB-related reason) after the pf rules were loaded. And when it appears
back, pf may have trouble handling it (although it must). Can you check the output of
#dmesg or /var/log/messages to see if any USB disconnects of ue0 occur?
Anyway, in such situations clearing the firewall state and reloading the rules again
may help. You may try:
Just to be sure:
#pfctl -d
Test.
#pfctl -e
Clear pf state tables:
#pfctl -F state
Test.
Clear pf address tables (your blacklists etc.):
#pfctl -F Tables
Test.
Now you need a pf config (rules) file to reload. The simplest way is to dump the
existing rules:
#pfctl -s rules > aa
(it's like the previously created 'a', but without anchor information. You may
also use 'a', but you need to remove by hand all "anchor "*" all { }".) Check
that the file isn't empty. This file will not contain nat/redirects, but it is
enough for a test.
Or, in FreeBSD the default location for the pf config that is applied at boot is
/etc/pf.conf. You may examine that file to see if it contains similar rules and
has the right modification date.
Clear everything:
#pfctl -F all
Load rules back:
#pfctl -f aa
Check that no errors occur. Test.



More information about the freebsd-amd64 mailing list