PF & Windows Vista

Daniel Hartmeier daniel at benzedrine.cx
Fri Feb 9 18:13:52 UTC 2007


On Wed, Feb 07, 2007 at 10:24:57AM -0500, Kevin K. wrote:

> I was hoping that the issue was simple and common, due to Vista's emphasis
> on ipv6 among other networking issues. Either way, below is my entire pf
> configuration.  I hope it helps.

I'm afraid you'll have to do the usual debug routine:

  1) enable debug logging (pfctl -xm, output in /var/log/messages)
  2) run pfctl -si and store the output
  3) pick one external host that reliably reproduces the problem
  4) on the external interface, run
       tcpdump -s 1600 -nvvvSpi $ext_if host $ip and tcp
  5) reproduce the problem once, from initial SYN to the point where
     the connection fails
  6) run pfctl -vvss, and note any state entries related to the
     failed connection
  7) re-run pfctl -si and store the output (of interest are any counters
     increasing besides the obvious ones)
  8) check /var/log/messages for any output from pf (related to the
     failed connection, or at least the host $ip)

If you provide the output of those steps, that could narrow it down.

In case the results are too large, put them on a web page somewhere
and post the URL instead.

Daniel
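
An added example, not part of the message above: a small shell helper for comparing the two saved `pfctl -si` outputs from steps 2 and 7 and listing the counters that grew. The function names, the list of ignored counters, the assumed "name total rate" row layout and the sample data are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the counters that grew between the two saved
# "pfctl -si" outputs from steps 2 and 7.
# Assumed row layout: "<name> <total> [<rate>/s]".

# Assumption: counters treated as "the obvious ones" that grow on any traffic.
PF_EXPECTED="match searches inserts removals"

pf_counter_deltas() {   # usage: pf_counter_deltas before.txt after.txt
    awk -v skip="$PF_EXPECTED" '
        function parse(   last, i) {          # sets name/total for counter rows
            last = NF
            if ($NF ~ /\/s$/) last = NF - 1   # drop the rate column
            if (last < 2 || $last !~ /^[0-9]+$/) return 0
            name = $1
            for (i = 2; i < last; i++) name = name " " $i
            total = $last + 0
            return 1
        }
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) ignore[s[i]] = 1 }
        FNR == NR { if (parse()) before[name] = total; next }
        parse() && (name in before) && !(name in ignore) && total > before[name] {
            printf "%s +%.0f\n", name, total - before[name]
        }
    ' "$1" "$2"
}

# Constructed sample data (not from the thread), trimmed to a few rows.
pf_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/before" <<'EOF'
State Table                          Total             Rate
  current entries                       12
  searches                           34567           45.8/s
Counters
  match                               2345            3.1/s
  bad-timestamp                          0            0.0/s
  state-mismatch                         3            0.0/s
EOF
    cat > "$tmp/after" <<'EOF'
State Table                          Total             Rate
  current entries                       14
  searches                           34901           45.9/s
Counters
  match                               2360            3.1/s
  bad-timestamp                          0            0.0/s
  state-mismatch                         9            0.0/s
EOF
    pf_counter_deltas "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}
```

Any counter it prints is a candidate to check against the debug output in /var/log/messages from step 8.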

