PF & Windows Vista

Volker volker at vwsoft.com
Wed Feb 7 12:43:19 UTC 2007


On 12/23/-58 20:59, Kevin K. wrote:
> I am using FreeBSD 6.2-release w/ PF. Everything seems to be okay, except
> the fact that Windows Vista machines can't get through the network. I have
> tried many things, including just using a skeleton PF configuration and I'm
> still having trouble.
> 
> Just curious if anyone has experienced issues with this?  If so, any
> suggestions or resolutions would be appreciated. 
> 
> Below is what we thought would fix the vista issue, but to no avail:
> 
> 
> ### Office for Vista issue -- no state
> 
> pass in log quick on $ext_if inet proto tcp from xxx.xxx.xxx.xxx/32 to any
> pass in quick on $ext_if inet proto udp from xxx.xxx.xxx.xxx/32 to any
> pass in quick on $ext_if inet proto icmp from xxx.xxx.xxx.xxx/32 to any
> pass in quick on $ext_if inet proto tcp from xxx.xxx.xxx.xxx/32 to any

Kevin,

helping you with just this snippet of rules is like fishing in the dark.

Your rules do the following: A connection coming from a single IP
address (/32) is passing the firewall on the external IF. As it does
not create state (no keep state option) the answer to that incoming
connection will probably never reach the originating IP address.

As you're logging but do not keep state, you're getting a whole
bunch of log entries which might render your logs unreadable (every
packet is being logged instead of every connection).

If your rules work properly for other hosts (again, your snippet of
rules is useless for supporting you) I'm wondering if your Vista
machine does IPv6 and does not try v4? I don't know Vista at all but
I guess v6 support is built in.

Greetings,

Volker
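
The stateless rules discussed in the reply, next to a stateful form, as an added example that is not part of the original message or the poster's ruleset. It assumes a PF version where state must be requested explicitly, as the reply implies; the interface name and the address are constructed placeholders.

```conf
# Added illustration, not from the thread.
# "em0" and 192.0.2.10 (a documentation address) are constructed placeholders.
ext_if = "em0"
vista  = "192.0.2.10"

# Stateless form, as in the quoted snippet: only the inbound direction matches.
# Replies are evaluated against the ruleset on their own, so they get back to
# the originating host only if some other rule passes them, and "log" records
# every matching packet rather than every connection.
# pass in log quick on $ext_if inet proto tcp from $vista to any

# Stateful form: the first packet creates a state entry, replies match that
# entry without another pass through the ruleset, and "log" records only the
# packet that created the state.
pass in log quick on $ext_if inet proto tcp  from $vista to any flags S/SA keep state
pass in     quick on $ext_if inet proto udp  from $vista to any keep state
pass in     quick on $ext_if inet proto icmp from $vista to any keep state
```

After loading the ruleset, `pfctl -s state` lists the entries these rules create, and `tcpdump -n -i em0 ip6` on the firewall shows whether the host is sending IPv6 traffic, which none of the `inet` rules above match.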


More information about the freebsd-pf mailing list