pf between two lans
Peter Maxwell
peter at allicient.co.uk
Tue Jul 14 00:47:36 UTC 2009
Hi Aleksic,
On a cursory glance, your pf.conf looks ok. The tcpdump you supplied
is showing both incoming and outgoing packets being blocked which is
weird - why would there be a return packet if the initial SYN didn't
get through?
Can you post the output of: pfctl -s r
What happens if you try things without pf loaded, and with pf loaded
but a pass all ruleset?
Have you got gateway_enable set in your rc.conf (I think it shows as
net.inet.ip.forwarding being set to 1 in your sysctl)?
Can you post the results of the same tcpdump with a larger window size
( -s 1024 ) and/or a tcpdump on the network interface itself?
There's probably a simple explanation I'm not seeing, but those are
the kind of things I'd try/check.
Peter
2009/7/13 Michael K. Smith - Adhost <mksmith at adhost.com>:
> Hello Aleksic:
>>
>> no nat on $extIF inet proto {tcp, udp} from $intIF:network to
>> $intIF2:network
>> no nat on $extIF inet proto {tcp, udp} from $intIF2:network to
>> $intIF:network
>>
> If nothing else, these rules won't match because the traffic isn't
> traversing the External Interface.
>
> no nat on $intIF2 inet proto {tcp, udp} from $intIF:network to
> $intIF2:network
> no nat on $intIF inet proto {tcp, udp} from $intIF2:network to
> $intIF:network
>
> Regards,
>
> Mike
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>
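Added example (not part of the thread, and not the original poster's pf.conf): a small macro lint that reports any `$macro` referenced in a pf.conf but never defined. Interface names (`em0`, `em1`, `em2`) and the ruleset below are constructed to mirror the thread, including the `no nat` rules placed on the internal interfaces the inter-LAN traffic actually crosses. The second `no nat` rule deliberately carries a mistyped macro so the check has something to find.

```shell
#!/bin/sh
# Constructed pf.conf modelled on the thread (assumed interface names).
PF_CONF=$(cat <<'EOF'
extIF = "em0"
intIF = "em1"
intIF2 = "em2"

# NAT both LANs toward the Internet on the external interface only
nat on $extIF inet from $intIF:network to any -> ($extIF)
nat on $extIF inet from $intIF2:network to any -> ($extIF)

# Do not NAT inter-LAN traffic; match on the interface the packet leaves,
# not on $extIF, which this traffic never traverses.
no nat on $intIF2 inet proto {tcp, udp} from $intIF:network to $intIF2:network
no nat on $intIF inet proto {tcp, udp} from $infIF2:network to $intIF:network

pass in on $intIF from $intIF:network to $intIF2:network
pass in on $intIF2 from $intIF2:network to $intIF:network
EOF
)

# Print each macro that is referenced ($name) but never defined (name = ...),
# one per line. Prints nothing when the ruleset is consistent.
undefined_macros() {
    conf="$1"
    # definitions: "name = value" at the start of a line
    defined=$(printf '%s\n' "$conf" \
        | sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)[[:space:]]*=.*/\1/p' \
        | sort -u)
    # references: every $name token anywhere in the file
    used=$(printf '%s\n' "$conf" \
        | grep -o '\$[A-Za-z_][A-Za-z0-9_]*' \
        | tr -d '$' | sort -u)
    for m in $used; do
        printf '%s\n' "$defined" | grep -qx "$m" || printf '%s\n' "$m"
    done
}

# Correct the constructed typo and return the fixed ruleset.
fixed_conf() {
    printf '%s\n' "$PF_CONF" | sed 's/\$infIF2/$intIF2/'
}

# Report: the constructed ruleset trips on the mistyped macro.
bad=$(undefined_macros "$PF_CONF")
[ -n "$bad" ] && printf 'undefined macro(s): %s\n' "$bad"
```

On a real host `pfctl -nf /etc/pf.conf` parses the file without loading it and rejects an undefined macro the same way; the lint above is useful where pf is not installed, for instance on the machine where the ruleset is edited before it is copied to the gateway.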