Message-ID: <3C41A86E.9070909@monkey-online.net>
Date: Sun, 13 Jan 2002 16:31:58 +0100
From: Eric Veraart
To: freebsd-stable@freebsd.org
Subject: Filtering out problem with IPFilter

Hello,

I'm running a FreeBSD 4.4p2-RELEASE gateway here with IPFilter. I noticed that packets coming in from the network can be filtered and blocked, but once they are through I can't filter them with out rules.

For example: I make a rule to pass in all traffic from xl0 to any. Then I say all traffic out on ep0 is allowed, but on xl1 only a small range of addresses can go out. What I notice is that all computers on xl0 can go to an address behind xl1. The gateway itself can't go out on xl1.

It almost seems as if gateway_enable="YES" in rc.conf lets packets bypass the out filter. I'm not using NAT.

This is not a big problem, because I can manage everything through IN rules, it's still strange.

Greetings,
Eric