PF on 6.0 and ICQ

Tilman Linneweh arved at arved.at
Mon Aug 1 00:35:23 GMT 2005


On 31.07.2005 at 19:13, Max Laier wrote:
>> 17:45:37.874576 IP (tos 0x0, ttl  62, id 63520, offset 0, flags [DF], proto: TCP (6), length: 44)
>> 192.168.1.24.49231 > 205.188.7.248.5190: S, cksum 0x7097 (correct), 920618149:920618149(0) win 65535 <mss 1460>
>>
>> Anyone got an idea, why this traffic doesn't match the pass rules
>> anymore?
>
> Can you add a "-e" when tcpdump'ing pflog so it shows the reason for
> the drop (i.e. what rule was matched etc.)?

Thanks, this helped a lot. It turns out that the firewall was trying
to connect to this specific IP via the $int_if instead of the $ext_if,
although the routing table displayed by netstat -r looked sane and had
no special entry for this IP.
I decided to reboot the box, and now ICQ works again.

regards
tilman


