From: Melissa Jenkins <melissa-freebsd@littlebluecar.co.uk>
To: freebsd-net@freebsd.org
Date: Fri, 6 Jan 2012 12:47:34 +0000
Subject: Re: pf not seeing inbound packets on netgraph interface

>
> On Jan 4, 2012, at 12:03 AM, Ermal Luçi wrote:
>
>> Can you see if on the enc(4) interface pf(4) sees both sides of the traffic?
>
> I can on enc0. Doing a tcpdump(1) shows me traffic traveling both ways. Should there be a pf(4) interface for me to listen on? I've listened on pflog(4), and only seen traffic going one way, even when I have relevant rules set to "log(all)".
>

I had this problem when trying to firewall/NAT traffic from MPD - it appeared that MPD inserts the packets directly into the middle of the packet flow, without triggering any inbound processing by PF.

IPsec does this correctly if you have set the sysctls as per the man page on enc, as do PopTop and ppp (which was my solution to the MPD issue).

It didn't matter what firewall rules were configured, and this behaviour was present in the 7 branch as well as 8.

Mel
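A quick way to verify the enc(4) condition Mel refers to, added here as an example that is not part of the thread: it reads `sysctl net.enc` output and reports whether pf will be handed the cleartext side of IPsec traffic in both directions. The sysctl names are the real enc(4) ones; the meaning of the mask bits is my reading of the enc(4) man page, and the sample sysctl output is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `sysctl net.enc` output on stdin and
# reports whether pf will be handed the cleartext side of IPsec traffic on enc0.
# Mask bits are my reading of enc(4): inbound 0x1 = before decryption (outer
# packet), 0x2 = after decryption (inner); outbound 0x1 = before encryption
# (inner), 0x2 = after encryption (outer).

# enc_mask NAME: print the integer value of sysctl NAME from stdin, 0 if absent.
enc_mask() {
    awk -v key="$1" -F': *' '$1 == key { print $2; found = 1 } END { if (!found) print 0 }'
}

# enc_filter_check: exit 0 when pf sees cleartext in both directions, 1 otherwise,
# printing the sysctl(8) setting needed for each direction that is not covered.
enc_filter_check() {
    input=$(cat)
    in_mask=$(printf '%s\n' "$input" | enc_mask net.enc.in.ipsec_filter_mask)
    out_mask=$(printf '%s\n' "$input" | enc_mask net.enc.out.ipsec_filter_mask)
    rc=0
    if [ $(( in_mask & 2 )) -eq 0 ]; then
        echo "inbound: pf only sees the encrypted packet; set net.enc.in.ipsec_filter_mask=2"
        rc=1
    fi
    if [ $(( out_mask & 1 )) -eq 0 ]; then
        echo "outbound: pf only sees the encrypted packet; set net.enc.out.ipsec_filter_mask=1"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "enc0: pf sees cleartext in both directions"
    return "$rc"
}

# Constructed sample (not captured from a real host): a box whose inbound mask
# only matches the outer, still-encrypted packet, so pf is never handed the
# decrypted inbound payload on enc0.
sample_sysctls() {
    printf '%s\n' \
        'net.enc.out.ipsec_bpf_mask: 3' \
        'net.enc.out.ipsec_filter_mask: 1' \
        'net.enc.in.ipsec_bpf_mask: 1' \
        'net.enc.in.ipsec_filter_mask: 1'
}

# On a FreeBSD host run: sysctl net.enc | enc_filter_check
sample_sysctls | enc_filter_check || echo "(adjust the masks, then re-run)"
```

Pair this with `pass log (all) on enc0` rules and a `tcpdump -ni pflog0` to confirm that both directions now show up, which is the symptom the thread is chasing.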