Date:      Thu, 5 Jan 2012 23:06:47 -0800
From:      Edward Carrel <azanar@carrel.org>
To:        Ermal Luçi <eri@freebsd.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: pf not seeing inbound packets on netgraph interface
Message-ID:  <D25A9950-97FB-4BE9-996E-986A00344164@carrel.org>
In-Reply-To: <CAPBZQG2z0GeOoV_RfcnmnD=pbQ4CYQAYEs9PqrhE_JXirLMBOA@mail.gmail.com>
References:  <CAC6u2XeLijriLrYgiUf32BMLzYF-uza18c_e9Rk9jXmxe0fW2w@mail.gmail.com> <CAC6u2XeiUP2jouYv1Qc%2B1gmjx-1twSmKeLMbNZNq_3CU625mFw@mail.gmail.com> <CAPBZQG2z0GeOoV_RfcnmnD=pbQ4CYQAYEs9PqrhE_JXirLMBOA@mail.gmail.com>

On Jan 4, 2012, at 12:03 AM, Ermal Luçi wrote:

> Can you see if on the enc(4) interface pf(4) sees both sides of the traffic?

I can on enc0. Doing a tcpdump(1) shows me traffic traveling both ways. Should there be a pf(4) interface for me to listen on? I've listened on pflog(4), and only seen traffic going one way, even when I have relevant rules set to "log(all)".

> Also please describe/post what is the ruleset of blindly passing packets and the ruleset that you define as 'keep state'!?


From my /etc/pf.conf:

pass in quick log(all) on enc0 no state
pass out quick log(all) on enc0 no state
pass out quick log(all) on ng0 proto tcp from ng0 to 10.0.0.0/8
pass in quick log(all) on ng0 proto tcp from 10.0.0.0/8 to ng0

If I assert the last two rules as being explicitly 'no state' things continue to work after the stateful tracking drops the entry due to never seeing the SYN-ACK responding to my SYN to the remote end.

- Ed
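As an added illustration (not part of Ed's or Ermal's mail), a small Python model of why pf's default stateful tracking drops the connection when ng0 only ever shows it one side of the handshake, and why 'no state' keeps it working. It reduces pf's TCP tracking to the two things that matter here: a half-open state expires after tcp.first (120 s by default) and a stateful pass rule only creates state for a bare SYN (default flags S/SA); the ruleset is assumed to end in an implicit 'block all', and the packet trace and addresses are constructed.

```python
from collections import namedtuple

TCP_FIRST = 120  # pf default tcp.first: seconds a half-open state waits for the SYN-ACK

# t: seconds into the trace; direction: "in"/"out" on iface; flags: TCP flags on the wire
Pkt = namedtuple("Pkt", "t iface direction src dst flags")

# Rulesets reduced to (iface, direction, keeps_state); pf keeps state by default,
# 'no state' turns it off as in the pf.conf above.
RULES_STATEFUL = [("ng0", "out", True), ("ng0", "in", True)]
RULES_NO_STATE = [("ng0", "out", False), ("ng0", "in", False)]

# Constructed trace: pf on ng0 sees only the client's half of the connection;
# the SYN-ACK returns on a path pf never inspects, so it never appears here.
TRACE = [
    Pkt(0, "ng0", "out", "10.1.1.1", "10.0.0.5", "S"),
    Pkt(1, "ng0", "out", "10.1.1.1", "10.0.0.5", "A"),     # handshake ACK
    Pkt(200, "ng0", "out", "10.1.1.1", "10.0.0.5", "PA"),  # data, after tcp.first
]


def filter_trace(rules, trace):
    """Return a pass/block verdict per packet; assumes an implicit 'block all'."""
    states = {}  # (client, server) -> (created_at, handshake_complete)
    verdicts = []
    for p in trace:
        key = (p.src, p.dst) if p.direction == "out" else (p.dst, p.src)
        if key in states:
            created, complete = states[key]
            if complete or p.t - created <= TCP_FIRST:
                if p.direction == "in" and p.flags == "SA":
                    states[key] = (created, True)  # SYN-ACK completes the handshake
                verdicts.append("pass")
                continue
            del states[key]  # half-open state timed out: pf forgets the connection
        for iface, direction, keeps_state in rules:
            if iface != p.iface or direction != p.direction:
                continue
            if keeps_state:
                if p.flags != "S":
                    continue  # default 'flags S/SA': only a bare SYN creates new state
                states[key] = (p.t, False)
            verdicts.append("pass")
            break
        else:
            verdicts.append("block")  # nothing matched: the assumed 'block all' wins
    return verdicts


if __name__ == "__main__":
    print("stateful:", filter_trace(RULES_STATEFUL, TRACE))
    print("no state:", filter_trace(RULES_NO_STATE, TRACE))
```

The third packet is blocked under the stateful rules because the state created by the SYN expired without ever seeing a SYN-ACK and a data segment cannot create a fresh one, while the 'no state' rules pass it.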
