From: "Ansar Mohammed"
Delivered-To: freebsd-questions@freebsd.org
Date: Tue, 15 May 2007 21:51:10 -0400
Subject: PF Weirdness

Hello All,

See the following pf.conf file; weirdness abounds, since I cannot connect to the internal host "antares" from only some remote networks behind firewalls. Funny enough, I thought it was an MTU issue, so I dropped max-mss all the way down to 700, but still to no avail.

Any ideas?

ext_if="tun0"
int_if="rl0"
internal_net="192.168.2.0/24"
external_addr="10.248.190.95"
internal_addr="192.168.2.1"

#IP Address Assignments
ip121_addr="10.248.188.121"

#Internal Host Assignments
antares="192.168.2.10"
www="192.168.2.3"
mail="192.168.2.13"

scrub in all max-mss 1400

rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> 192.168.2.3 port 80
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> 192.168.2.13 port 25
binat on $ext_if from $antares to any -> $ip121_addr
nat on $ext_if from $internal_net to any -> $external_addr

block in log all
pass in on $int_if from $internal_net to any keep state
pass out on $ext_if from $external_addr to any keep state
pass in on $ext_if inet proto tcp from any to $external_addr port 22 keep state
pass in on $ext_if inet proto tcp from any to $www port 80 keep state
pass in on $ext_if inet proto tcp from any to $mail port 25 keep state
pass in on $ext_if inet proto tcp from any to $antares port 22 keep state