From: "Aaron P. Martinez"
To: FreeBSD-questions@freebsd.org
Subject: Re: pf blocking nfs
Date: Thu, 01 Dec 2005 10:12:03 -0600

On Thu, 2005-12-01 at 02:40 +0100, J65nko BSD wrote:
> [snip]
> > In your original post, there was something about a short packet. I'm
> > guessing this might screw things up. You might try adding 'scrub in all'
> > before the filtering rules.
> >
> [snip]
>
> Be careful with scrub and NFS.
> From http://openbsd.bay13.net/faq/pf/scrub.html
>
> "One reason not to scrub on an interface is if one is passing NFS
> through PF. Some non-OpenBSD platforms send (and expect) strange
> packets -- fragmented packets with the "do not fragment" bit set,
> which are (properly) rejected by scrub."

Well, it looks like scrub fixed the issue. I had originally removed the
scrub in all line because I too had read in the OBSD faq that scrub might
be what was messing up my nfs connection. I put it back and I'm back to
my one state tracking rule for all outbound traffic for this machine.

Just so everyone can see, this is the ruleset and it's working properly:

scrub in all
block in log all
pass quick on lo0 all
pass out on fxp0 proto { tcp, udp, icmp } all keep state

Thanks to everyone that helped,

Aaron Martinez
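
The FAQ passage quoted in this message names one packet shape that scrub rejects: an IP fragment that still has the "do not fragment" bit set. As an added example (not part of the original message or of pf itself), the Python below classifies IPv4 headers by that property so that captured NFS traffic can be checked before scrub is enabled; the helper names and the sample headers are constructed for illustration.

```python
import struct

IP_DF = 0x4000       # "do not fragment" flag
IP_MF = 0x2000       # "more fragments" flag
IP_OFFMASK = 0x1FFF  # fragment offset, in 8-byte units


def build_header(df, mf, frag_off, ident=0x1234, proto=17):
    """Build a constructed 20-byte IPv4 header (checksum left at 0)."""
    flags_off = (IP_DF if df else 0) | (IP_MF if mf else 0) | (frag_off & IP_OFFMASK)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, flags_off, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))


def classify(header):
    """Return 'unfragmented', 'fragment' or 'fragment+DF' for an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (flags_off,) = struct.unpack_from("!H", header, 6)
    # A packet is a fragment if MF is set or its offset is non-zero.
    is_fragment = bool(flags_off & IP_MF) or (flags_off & IP_OFFMASK) != 0
    if not is_fragment:
        return "unfragmented"  # DF on a whole packet is normal
    return "fragment+DF" if flags_off & IP_DF else "fragment"


def summarize(headers):
    """Count headers per class; 'fragment+DF' is the case the FAQ warns about."""
    counts = {"unfragmented": 0, "fragment": 0, "fragment+DF": 0}
    for header in headers:
        counts[classify(header)] += 1
    return counts


# Constructed sample headers (documentation addresses, UDP).
SAMPLES = [
    build_header(df=True, mf=False, frag_off=0),     # ordinary packet with DF
    build_header(df=False, mf=True, frag_off=0),     # first fragment
    build_header(df=False, mf=False, frag_off=185),  # last fragment
    build_header(df=True, mf=True, frag_off=0),      # fragment with DF set
    build_header(df=True, mf=False, frag_off=185),   # fragment with DF set
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

A non-zero "fragment+DF" count on traffic from the NFS peer indicates the situation the FAQ describes; pf.conf(5) documents a `no-df` scrub option that clears the bit on matching packets.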