Date: Mon, 02 Mar 2009 14:29:19 -0500 From: Tom Uffner <tom@uffner.com> To: Link <link@ngc.net.ua> Cc: freebsd-pf@freebsd.org Subject: Re: freebsd 7.1 pf route-to connection stall Message-ID: <49AC338F.8080009@uffner.com> In-Reply-To: <49AC14AA.2030808@ngc.net.ua> References: <49A7D547.9040801@ngc.net.ua> <49A811D4.5030900@uffner.com> <49A8177B.9010209@ngc.net.ua> <49A85BD4.7050105@uffner.com> <49A8FED7.3000603@ngc.net.ua> <49A9BBF5.1060706@uffner.com> <49AC14AA.2030808@ngc.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Link wrote: > Thanks for your reply. > Tried rules you`ve listed. > Does not help.... > I`ve checked with tcpdump packets are still going out using default route. hmm. it sounds like packets aren't matching the rules. at this point all I can suggest is adding an explicit "pass log all" as the first rule in your config, and then testing either your ruleset or my ruleset by adding "log" to all of the rules and check that packets are matching appropriately. for much more detail you can change "log" to "log (all)" to capture _every_ packet, not just the ones that create state. be careful though. running full logging will consume lots of disk if used in production rather than just while debugging. tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49AC338F.8080009>