Date: Wed, 09 Jan 2002 19:51:41 +0100
From: Eric Veraart
To: freebsd-isp@freebsd.org
Subject: Filtering out problem with IPFilter

Hello,

I'm running a FreeBSD gateway here with IPFilter. I noticed that packets coming in from the network can be filtered and blocked, but once they are through I can't filter them with out rules.

For example: I make a rule to pass in all traffic from xl0 to any. Then I say all traffic out on ep0 is allowed, but on xl1 only a small range of addresses can go out.

What I notice is that all computers on xl0 can go to an address behind xl1. The gateway itself can't go out on xl1.

It almost seems as if gateway_enable="YES" in rc.conf lets packets bypass the filter after coming in. I'm not using NAT.

Though this is not a big problem, because I can manage everything through IN rules, it's still strange.

Greetings,
Eric