From: "Kevin K" <kkutzko@teksavvy.com>
To: "'Ansar Mohammed'", freebsd-pf@freebsd.org
Date: Wed, 7 May 2008 13:54:17 -0400
Subject: RE: UDP weirdness
In-Reply-To: <004f01c8b068$89c89350$9d59b9f0$@com>
Message-ID: <005101c8b06b$5f0743c0$1d15cb40$@com>
List-Id: "Technical discussion and general questions about packet filter (pf)"

Try

pass out proto udp from any to any port 53

> -----Original Message-----
> From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Ansar Mohammed
> Sent: Wednesday, May 07, 2008 1:34 PM
> To: freebsd-pf@freebsd.org
> Subject: UDP weirdness
>
> I have a very simple configuration, yet I am bemused as to what I am doing wrong.
>
> Windows 2003 <- FreeBSD-PF -> Windows 2003
> 192.168.3.2     192.168.3.1  192.168.2.2     192.168.2.130
>
> Here are my rules:
>
> ext_if="le0"
> int_if="le1"
> int_net="192.168.3.0/24"
> ext_net="192.168.2.0/24"
> int_addr="192.168.3.1"
> ext_addr="192.168.2.2"
> scrub on $ext_if all reassemble tcp
> scrub on $int_if all reassemble tcp
> block in log all
> pass in proto icmp from any to any
> pass in proto udp from any to any port 53
> pass in on $ext_if inet proto tcp from any to any port 3389
>
> DNS traffic is allowed through, but the return packet gets blocked. Can anyone explain why?
> This is true of ALL UDP traffic; TCP traffic works well.
>
> Pflog message:
>
> 065276 rule 0/0(match): block in on le1: 192.168.3.2.53 > 192.168.2.130.3837: [|domain]
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
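The following is an added illustration, not code from the thread or from pf itself: a simplified model of pf's stateful matching that reproduces the logged block for the quoted ruleset and shows why the suggested "pass out" rule lets the DNS reply through. It assumes last-match-wins evaluation, that "port N" means the destination port, floating (not interface-bound) states, that pass rules keep state (pf's default since the OpenBSD 4.1 import; older releases need an explicit keep state), and that a state is keyed by the flow as seen from the interface it was created on, so a state made by "pass in" on le0 does not match the reply arriving "in" on le1.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Pkt:
    iface: str; direction: str; proto: str
    src: str; sport: int; dst: str; dport: int

@dataclass(frozen=True)
class Rule:          # "port N" in pf matches the destination port only
    action: str; direction: str; proto: Optional[str] = None
    iface: Optional[str] = None; dport: Optional[int] = None; keep_state: bool = True

def state_key(p):
    # Simplified pf key: (src, dst) for an "in" packet, (dst, src) for an "out"
    # packet, so a state created inbound on le0 only matches the outbound
    # reply on le0, never the same reply arriving inbound on le1.
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + ((a, b) if p.direction == "in" else (b, a))

def evaluate(rules, p, states):
    if state_key(p) in states:           # state lookup precedes the ruleset
        return "pass"
    last = None                          # last matching rule wins (no "quick")
    for r in rules:
        if (r.direction == p.direction and r.proto in (None, p.proto)
                and r.iface in (None, p.iface) and r.dport in (None, p.dport)):
            last = r
    if last is None:
        return "pass"                    # pf's default when no rule matches
    if last.action == "pass" and last.keep_state:
        states.add(state_key(p))
    return last.action

CLIENT, SERVER = "192.168.2.130", "192.168.3.2"      # hosts from the pflog line

def dns_round_trip(rules):
    """Verdicts for the request (in le0, out le1) and reply (in le1, out le0),
    stopping at the first block since a blocked packet is not forwarded."""
    hops = [Pkt("le0", "in", "udp", CLIENT, 3837, SERVER, 53),
            Pkt("le1", "out", "udp", CLIENT, 3837, SERVER, 53),
            Pkt("le1", "in", "udp", SERVER, 53, CLIENT, 3837),
            Pkt("le0", "out", "udp", SERVER, 53, CLIENT, 3837)]
    states, verdicts = set(), []
    for p in hops:
        verdicts.append(f"{evaluate(rules, p, states)} {p.direction} on {p.iface}")
        if verdicts[-1].startswith("block"):
            break
    return verdicts

ORIGINAL = [Rule("block", "in"), Rule("pass", "in", "icmp"),        # the posted ruleset
            Rule("pass", "in", "udp", dport=53), Rule("pass", "in", "tcp", "le0", 3389)]
FIXED = ORIGINAL + [Rule("pass", "out", "udp", dport=53)]           # the suggested rule
```

With ORIGINAL the third hop is "block in on le1", which is exactly the pflog line quoted above; with FIXED the forwarded request creates a state on le1 that the reply matches.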