Date: Fri, 6 Jan 2012 12:47:34 +0000
From: Melissa Jenkins <melissa-freebsd@littlebluecar.co.uk>
To: freebsd-net@freebsd.org
Subject: Re: pf not seeing inbound packets on netgraph interface
Message-ID: <79D6C44F-778D-4B07-A78D-52084306CF0F@littlebluecar.co.uk>
In-Reply-To: <20120106120011.9CA681065723@hub.freebsd.org>
References: <20120106120011.9CA681065723@hub.freebsd.org>
> > On Jan 4, 2012, at 12:03 AM, Ermal Luçi wrote:
> >
> >> Can you see if on the enc(4) interface pf(4) sees both sides of the traffic?
> >
> > I can on enc0. Doing a tcpdump(1) shows me traffic traveling both ways. Should there be a pf(4) interface for me to listen on? I've listened on pflog(4), and only seen traffic going one way, even when I have relevant rules set to "log(all)".
>

I had this problem when trying to firewall/NAT traffic from MPD - it appeared that MPD inserts the packets directly into the middle of the packet flow, without triggering any inbound processing by PF. IPsec does this correctly if you have set the sysctls as per the man page on enc, as do PopTop and ppp (which was my solution to the MPD issue).

It didn't matter what firewall rules were configured, and this behaviour was present in the 7 branch as well as 8.

Mel
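The message above points at the enc(4) sysctls as the thing that decides whether pf(4) sees IPsec traffic on enc0 at all. The script below is an added example, not code from Mel's post or from the FreeBSD project: it decodes the four enc(4) masks (net.enc.{in,out}.ipsec_{bpf,filter}_mask) from `sysctl net.enc` style output and flags a filter mask of zero, which means pf(4) is never handed packets on enc0 for that direction. It assumes the bit meanings documented in enc(4) (0x1 = before IPsec processing, 0x2 = after IPsec processing, relative to the direction named in the sysctl). The sample sysctl lines are constructed to show a broken inbound setting; take the values you actually want from the enc(4) man page, not from this sample.

```shell
#!/bin/sh
# Added example (not from the mailing-list post or FreeBSD): decode the
# enc(4) sysctl masks that control at which stage pf(4) and bpf(4) see
# IPsec traffic on enc0.  On a real host, feed it the output of
# `sysctl net.enc`; the SAMPLE below is constructed.
#
# Assumed bit meanings, as documented in enc(4):
#   0x1 = packet is seen before IPsec processing
#   0x2 = packet is seen after IPsec processing
# for the direction (in/out) named in the sysctl.

# decode_enc_mask VALUE -> prints "before", "after", "before,after" or "none"
decode_enc_mask() {
    v=$(($1))
    stages=""
    [ $((v & 1)) -ne 0 ] && stages="before"
    [ $((v & 2)) -ne 0 ] && stages="${stages:+$stages,}after"
    printf '%s\n' "${stages:-none}"
}

# check_enc_sysctls reads `sysctl net.enc` lines on stdin, prints one
# report line per mask, and returns 1 if any *_filter_mask is 0, i.e.
# pf(4) would see nothing on enc0 in that direction.
check_enc_sysctls() {
    rc=0
    while IFS= read -r line; do
        case "$line" in
            net.enc.*.ipsec_*_mask:*) ;;
            *) continue ;;
        esac
        name=${line%%:*}
        value=$(printf '%s' "${line#*:}" | tr -d ' ')
        stages=$(decode_enc_mask "$value")
        printf '%s = %s (%s)\n' "$name" "$value" "$stages"
        case "$name" in
            *filter_mask) [ "$stages" = none ] && rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the inbound filter mask has been zeroed, so pf(4)
# would only ever see outbound packets on enc0 (one-way traffic in pflog).
SAMPLE='net.enc.out.ipsec_bpf_mask: 3
net.enc.out.ipsec_filter_mask: 1
net.enc.in.ipsec_bpf_mask: 3
net.enc.in.ipsec_filter_mask: 0'

printf '%s\n' "$SAMPLE" | check_enc_sysctls \
    || echo "pf(4) will not see enc0 traffic in at least one direction"
```

On a live FreeBSD box replace the sample with `sysctl net.enc | check_enc_sysctls`; if the inbound filter mask decodes to "none" while tcpdump on enc0 shows both directions, that matches the one-way pflog symptom described in the thread, because bpf and pf are fed from separate masks.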
