From: Ask Bjørn Hansen
Date: Wed, 20 Sep 2006 01:48:23 -0700
To: freebsd-pf@freebsd.org
Subject: Re: bad ruleset - pf not keeping state for some bridged connections?

On Sep 6, 2006, at 20:17, Ask Bjørn Hansen wrote:

> I am having a bit of trouble with my pf ruleset that I can't figure out.
>
> My ISP gives me a few static IPs, so I have a Soekris box running as a bridging firewall running 6.0-RELEASE-p4.
>
> It does NAT for my RFC1918 net and does the bridging firewall for my public IPs.
>
> I've posted my pf.conf here:
> http://tmp.askask.com/2006/09/pf.conf
>
> The bridge is set up with
> net.link.bridge.pfil_bridge=0
> net.link.bridge.pfil_member=1
>
> Some months ago I must have changed something that makes incoming ssh connections not (always) work.

[... http://lists.freebsd.org/pipermail/freebsd-pf/2006-September/002616.html ..]

Actually, I noticed something else:

It's only when the box behind the FreeBSD box is running Fedora 5 this happens. A few packets are sent back and forth and then it's like the session is dropped.

With OS X or RHEL the sessions get going just fine.

Any ideas for what to look for to debug this?

 - ask

-- 
http://www.askbjoernhansen.com/