From: "rance@frontiernet.net"
To: freebsd-pf@freebsd.org
Date: Tue, 06 Mar 2007 15:41:19 +0000
Subject: Re: home router with internal services available question [SOLVED] - followup
Message-ID: <20070306154119.f54neym2pom8kgo4@webmail.frontiernet.net>
In-Reply-To: <45EC1DCA.3080001@vwsoft.com>
References: <20070305043922.qgd8g96zo6jo0g0k@webmail.frontiernet.net> <45EC1DCA.3080001@vwsoft.com>
List-Id: "Technical discussion and general questions about packet filter (pf)"

First, thanks to Volker and Greg. I did find an answer. I want to summarize it and then ask a second question.

Volker was right, it was a pass in proto udp rule that was needed, but as near as I could figure the bootps rule was not working for me. So I added this rule to my firewall script:

    pass in log on $int_if proto udp from any to self keep state

This rule allows dhcp to work, but as I understand it would also allow tftp and network boot to work as well, as in all those cases the tcp stack has not been configured yet. Thanks for the hint, Volker.

Greg suggested that I do a

    tcpdump -s 96 -nleti pflog0

to see what was going on. I tried that and got no data captured, not a single entry. One of my /etc/rc.conf variables is

    pflog_path="/var/log/pflog"

and that file has data in it, but it is hex data, I'm assuming, as ascii tools didn't work to read the file.

OK, so my network is working, thank you, but the tools that have been suggested to troubleshoot don't seem to work. And I honestly don't know enough here to ask a good question. tcpdump found the pflog0 interface and warned that no ip address was configured, something that makes some sense so didn't really concern me.

Once again, can you point me in the right direction please.
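
The /var/log/pflog file mentioned above is written by pflogd in binary pcap format (link type DLT_PFLOG), which is why ASCII tools cannot read it; `tcpdump -n -e -ttt -r /var/log/pflog` decodes it. As an added example that is not part of the original message, here is a minimal Python decoder for the leading pflog header fields, run on a constructed one-record capture (the interface name rl0 and rule number 3 are made up):

```python
import struct

DLT_PFLOG = 117                       # pcap link type of pflog captures
PF_ACTIONS = {0: "pass", 1: "block"}  # PF_PASS, PF_DROP

def parse_pflog(data):
    """Decode a little-endian classic pcap byte string as written by pflogd."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    if linktype != DLT_PFLOG:
        raise ValueError("pcap file, but link type %d is not pflog" % linktype)
    records, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, caplen, _wirelen = struct.unpack_from("<IIII", data, off)
        pkt = data[off + 16:off + 16 + caplen]
        if len(pkt) < 40:
            break  # truncated record: stop instead of misreading bytes
        # Leading fields of struct pfloghdr; fields after these vary by pf version.
        _hlen, af, action, _reason, ifname, _ruleset, rulenr = struct.unpack_from(
            "!BBBB16s16sI", pkt, 0)
        records.append({
            "ifname": ifname.split(b"\0")[0].decode("ascii", "replace"),
            "action": PF_ACTIONS.get(action, "other(%d)" % action),
            "af": af,            # address family number (2 = AF_INET)
            "rulenr": rulenr,    # matching rule number, stored in network byte order
        })
        off += 16 + caplen
    return records

def constructed_sample():
    """Constructed input: one logged 'pass' on hypothetical interface rl0, rule 3."""
    hdr = struct.pack("!BBBB16s16sI", 48, 2, 0, 0, b"rl0", b"", 3) + b"\0" * 8
    pkt = hdr + b"\x45\x00"          # first bytes of a made-up IPv4 packet
    glob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, DLT_PFLOG)
    rec = struct.pack("<IIII", 1173195679, 0, len(pkt), len(pkt))
    return glob + rec + pkt

if __name__ == "__main__":
    for r in parse_pflog(constructed_sample()):
        print(r)
```

The rule number in each record corresponds to the numbering shown by `pfctl -vvsr`, which ties a logged packet back to the rule carrying the `log` keyword.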