Date: Wed, 6 Sep 2006 20:17:53 -0700
From: Ask Bjørn Hansen <ask@develooper.com>
To: freebsd-pf@freebsd.org
Subject: bad ruleset - pf not keeping state for some bridged connections?
Message-ID: <596996E2-D643-4D66-ADE3-36099FF2BDD6@develooper.com>
Hi everyone,

I am having a bit of trouble with my pf ruleset that I can't figure out.

My ISP gives me a few static IPs, so I have a Soekris box running as a bridging firewall running 6.0-RELEASE-p4. It does NAT for my RFC1918 net and does the bridging firewall for my public IPs.

I've posted my pf.conf here: http://tmp.askask.com/2006/09/pf.conf

The bridge is set up with

  net.link.bridge.pfil_bridge=0
  net.link.bridge.pfil_member=1

Some months ago I must have changed something that makes incoming ssh connections not (always) work. If I ssh from an outside client to 64.81.84.17 the connection is established and the traffic from 64.81.84.17 to the outside IP makes it (the sshd banner), but after that the packets from the client don't make it through the BSD box. I can see with tcpdump that they come in on sis0, but there's nothing on sis1.

Any ideas?

Also, any suggestions for general cleanup and optimizations of the rulesets are welcome. The box is also doing ipsec to another 10/8 network, but I'm honestly not sure if it's even being filtered (?!)

 - ask

-- 
http://www.askbjoernhansen.com/
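The following is an added illustration, not the poster's pf.conf (which is only available at the URL in the message) and not a diagnosis of the reported problem. It shows a minimal stateful ruleset for a FreeBSD 6.x bridging firewall with the two bridge sysctls the message quotes, so that rules are evaluated on the member interfaces rather than on the bridge itself. Interface names other than sis0/sis1, the RFC1918 range, and the third interface are assumptions; 64.81.84.17 is the public host named in the message.

```conf
# Added example, not the poster's ruleset. Assumes FreeBSD 6.x pf, where
# "keep state" must be written explicitly, and the bridge sysctls
#   net.link.bridge.pfil_bridge=0   (no filtering on bridge0 itself)
#   net.link.bridge.pfil_member=1   (filtering on each member interface)
# so every bridged packet is seen once "in" on one member and once "out"
# on the other.

ext_if = "sis0"                 # member facing the ISP (from the post)
int_if = "sis1"                 # member facing the public-IP hosts (from the post)
lan_if = "sis2"                 # assumed name of the RFC1918 LAN interface
pub_hosts = "{ 64.81.84.17 }"   # bridged public host from the post; extend as needed
lan_net = "192.168.0.0/24"      # assumed private range

# Floating is the default: a state created by the "in on sis0" pass also
# matches the same packet going "out on sis1" and the reply coming back
# "in on sis1", so bridged flows need only one pass rule.
set state-policy floating
set skip on lo0

# NAT for the private LAN out through the external interface
nat on $ext_if from $lan_net to any -> ($ext_if)

# Default deny, logged so drops show up on pflog0
block in log all
block out log all

# Anything leaving a member interface that already has (or now creates) a state
pass out quick on { $ext_if $int_if $lan_if } all keep state

# Inbound ssh to the bridged public hosts; the state is created here
pass in quick on $ext_if proto tcp from any to $pub_hosts port ssh flags S/SA keep state

# Outbound traffic from the public hosts and from the NATed LAN
pass in quick on $int_if from $pub_hosts to any keep state
pass in quick on $lan_if from $lan_net to any keep state
```

To see whether a connection like the one in the message actually has a state entry, `pfctl -ss` lists the state table and `pfctl -vsr` prints each rule with its packet counters, which shows which rule (or the default block) the second and later client packets are hitting; `pfctl -nf /etc/pf.conf` syntax-checks a ruleset without loading it, and `tcpdump -n -e -ttt -i pflog0` shows the logged blocks with the interface and rule number that produced them.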