From: Volker
Date: Wed, 07 Feb 2007 13:42:54 +0100
To: "Kevin K."
Cc: freebsd-pf@freebsd.org
Subject: Re: PF & Windows Vista

On 12/23/-58 20:59, Kevin K. wrote:
> I am using FreeBSD 6.2-release w/ PF. Everything seems to be okay, except
> the fact that Windows Vista machines can't get through the network. I have
> tried many things, including just using a skeleton PF configuration and I'm
> still having trouble.
>
> Just curious if anyone has experienced issues with this? If so, any
> suggestions or resolutions would be appreciated.
>
> Below is what we thought would fix the Vista issue, but to no avail:
>
>
> ### Office for Vista issue -- no state
>
> pass in log quick on $ext_if inet proto tcp from xxx.xxx.xxx.xxx/32 to any
> pass in quick on $ext_if inet proto udp from xxx.xxx.xxx.xxx/32 to any
> pass in quick on $ext_if inet proto icmp from xxx.xxx.xxx.xxx/32 to any
> pass in quick on $ext_if inet proto tcp from xxx.xxx.xxx.xxx/32 to any

Kevin,

helping you with just this snippet of rules is like fishing in the dark.

Your rules do the following:
A connection coming from a single IP address (/32) is passing the firewall on the external IF.
As it does not create state (no keep state option) the answer to that incoming connection will probably never reach the originating IP address.

As you're logging but do not keep state, you're getting a whole bunch of log entries which might render your logs unreadable (every packet is being logged instead of every connection).

If your rules work properly for other hosts (again, your snippet of rules is useless for supporting you) I'm wondering if your Vista machine does IPv6 and does not try v4? I don't know Vista at all but I guess v6 support is built in.

Greetings,

Volker
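
An added example, not part of Volker's message or of Kevin's ruleset: the quoted stateless rules next to a stateful form, in pf.conf syntax for the pf version shipped with FreeBSD 6.2. The interface name `em0`, the macro `vista_host` and the address 192.0.2.10 are placeholders standing in for values the thread does not give.

```pf
# Placeholders (assumptions, not from the thread)
ext_if     = "em0"
vista_host = "192.0.2.10"    # stands in for xxx.xxx.xxx.xxx/32

# --- As posted: stateless --------------------------------------------
# Each rule matches inbound packets only. No state entry is created, so
# the replies must be allowed by some other rule in the outbound
# direction. With "log" and no state, every matching packet is logged.
#
# pass in log quick on $ext_if inet proto tcp  from $vista_host to any
# pass in     quick on $ext_if inet proto udp  from $vista_host to any
# pass in     quick on $ext_if inet proto icmp from $vista_host to any

# --- Stateful form ---------------------------------------------------
# "keep state" creates a state entry on the first packet; later packets
# of the same connection, in both directions, match the state and skip
# the ruleset. "flags S/SA" limits state creation to the initial SYN.
# With state, "log" records only the packet that creates the state,
# i.e. one entry per connection.
pass in log quick on $ext_if inet proto tcp  from $vista_host to any \
        flags S/SA keep state
pass in     quick on $ext_if inet proto udp  from $vista_host to any \
        keep state
pass in     quick on $ext_if inet proto icmp from $vista_host to any \
        keep state
```

All of these rules are restricted to `inet`, so they never match IPv6 traffic from the same machine. The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.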