From owner-freebsd-pf@FreeBSD.ORG  Mon Aug  1 00:35:23 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5BA7C16A41F
	for <freebsd-pf@freebsd.org>; Mon,  1 Aug 2005 00:35:23 +0000 (GMT)
	(envelope-from arved@arved.at)
Received: from 21322530218.direct.eti.at (21322530218.direct.eti.at
	[213.225.30.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9B9CB43D46
	for <freebsd-pf@freebsd.org>; Mon,  1 Aug 2005 00:35:22 +0000 (GMT)
	(envelope-from arved@arved.at)
Received: from [192.168.1.24] (ische.arved.de [192.168.1.24])
	by 21322530218.direct.eti.at (8.13.3/8.13.1) with ESMTP id
	j710ZJ6t070380; Mon, 1 Aug 2005 02:35:19 +0200 (CEST)
	(envelope-from arved@arved.at)
In-Reply-To: <200507311914.03774.max@love2party.net>
References: <c31937ef582c09322bd67c932e176602@arved.at>
	<200507311914.03774.max@love2party.net>
Mime-Version: 1.0 (Apple Message framework v622)
X-Gpgmail-State: !signed
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <d9afe7bfb8e964e16ccde0a3faa48f11@arved.at>
Content-Transfer-Encoding: 7bit
From: Tilman Linneweh <arved@arved.at>
Date: Mon, 1 Aug 2005 02:35:14 +0200
To: Max Laier <max@love2party.net>
X-Mailer: Apple Mail (2.622)
Cc: freebsd-pf@freebsd.org, Tilman Linneweh <arved@arved.at>
Subject: Re: PF on 6.0 and ICQ
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Aug 2005 00:35:23 -0000


Am 31.07.2005 um 19:13 schrieb Max Laier:
>> 17:45:37.874576 IP (tos 0x0, ttl  62, id 63520, offset 0, flags [DF],
>> proto: TCP (6), length: 44) 192.168.1.24.49231 > 205.188.7.248.5190: 
>> S,
>> cksum 0x7097 (correct), 920618149:920618149(0) win 65535 <mss 1460>
>>
>> Anyone got an idea, why this traffic doesn't match the pass rules
>> anymore?
>
> Can you add a "-e" when tcpdump'ing pflog so it shows the reason for 
> the drop
> (i.e. what rule was matched etc.)?

Thanks, this helped a lot. It turns out, that the firewall was trying 
to connect
to this specific IP via the $int_if instead of the $ext_if, although 
the routing table
displayed by netstat -r looked sane and had no special entry for this 
IP.
I decided to reboot the box, and now ICQ works again.

regards
tilman