Vexing IPF problem

DH dhutch9999 at yahoo.com
Fri Jun 17 15:12:46 GMT 2005


I'm having a problem with IPF blocking packets that it appears should be let through.
 
I've spent quite a bit of time going through the Handbook, man pages, etc. & I must be missing something, so any help is greatly appreciated.
 
uname -a freebsd 4.11-release #0
 
SMP kernel, dual PIII processor, 512 MB ECC RAM, SCSI HDs
 
Excerpt from rule set:
 
Kernel compiled with "default allow" until I finish getting the ruleset rewritten.
 
Rule #1 block in log from any to any
 
pass in quick on lo0
pass out quick on lo0
 
block in log quick on fxp0 from any to any with ipopts
block in log quick proto tcp from any to any with short
...
pass in log first proto tcp from any to any port = 80 flags S keep state
pass in log first proto tcp from any port = 80 to any flags S keep state
pass out log first proto tcp from any to any port = 80 flags S keep state
 
 
netstat -m = 129/576/16384
9% of mb_map in use
 
Proxy Server - Squid 2.5.stable10
 
 
The behavior I'm seeing is that outgoing connections to websites on port 80 are being passed
but the inbound traffic is being blocked.  The ipflog entries look like this:
 
 
my ip = s   theirs = d
 
@0:390 p s.s.s.s,3601 -> d.d.d.d,80 PR tcp len 20 60 -S K-S OUT
 
@0:1 b d.d.d.d,80 -> s.s.s.s,3601 PR tcp len 20 43 -AR IN
 
 
  
Thanks in advance to those giving their time to lend a hand, I know your time is valuable.
 
Please CC my address in your reply.
 
David Hutchens III
Network Technician
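
Added example, not part of the original post: a small Python parser for ipflog lines in the layout quoted above, which pairs each blocked packet with the passed keep-state flow it is the reverse of. The field layout is assumed from the two lines in the post, K-S is read as the keep-state marker, and the function names are hypothetical.

```python
import re

# Layout assumed from the two ipflog lines quoted in the post:
#   @group:rule action src,sport -> dst,dport PR proto len hlen plen -FLAGS [K-S] IN|OUT
# Action "p" = passed, "b" = blocked; "K-S" is read as the keep-state marker.
LINE_RE = re.compile(
    r"@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S)\s+"
    r"(?P<src>[^,\s]+),(?P<sport>\d+)\s+->\s+(?P<dst>[^,\s]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)\s+"
    r"-(?P<flags>[A-Z]+)(?P<state>\s+K-S)?\s+(?P<dir>IN|OUT)\s*$"
)

# Sample input: the two log lines from the post, copied verbatim (addresses already masked).
SAMPLE = """\
@0:390 p s.s.s.s,3601 -> d.d.d.d,80 PR tcp len 20 60 -S K-S OUT
@0:1 b d.d.d.d,80 -> s.s.s.s,3601 PR tcp len 20 43 -AR IN
"""

def parse(line):
    """Parse one log line into a dict, or return None if it does not match the layout."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["keep_state"] = rec.pop("state") is not None
    return rec

def blocked_replies(text):
    """Return (blocked, opener) pairs: a blocked packet and the passed keep-state flow it reverses."""
    flows, hits = {}, []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        key = (rec["src"], rec["sport"], rec["dst"], rec["dport"])
        if rec["action"] == "p" and rec["keep_state"]:
            flows[key] = rec
        elif rec["action"] == "b":
            rev = (rec["dst"], rec["dport"], rec["src"], rec["sport"])
            if rev in flows:
                hits.append((rec, flows[rev]))
    return hits

if __name__ == "__main__":
    for blocked, opener in blocked_replies(SAMPLE):
        print(
            f"rule {blocked['rule']} blocked {blocked['dir']} packet with flags "
            f"{blocked['flags']}; reverse of flow passed by rule {opener['rule']}"
        )
```

Run over a full ipflog, this lists every blocked packet that belongs to a connection an earlier keep-state rule had passed, together with its TCP flags and both rule numbers.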