Date: Fri, 9 Feb 2007 19:13:51 +0100 From: Daniel Hartmeier <daniel@benzedrine.cx> To: "Kevin K." <freebsd-pf@magma.ca> Cc: freebsd-pf@freebsd.org Subject: Re: PF & Windows Vista Message-ID: <20070209181351.GC30276@insomnia.benzedrine.cx> In-Reply-To: <00cc01c74acc$20d9d8c0$628d8a40$@ca> References: <859855731.20070206155625@mail.ru> <002501c749f3$bb1a1dc0$314e5940$@ca> <45C9C94E.8080806@vwsoft.com> <00cc01c74acc$20d9d8c0$628d8a40$@ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 07, 2007 at 10:24:57AM -0500, Kevin K. wrote:
> I was hoping that the issue was simple and common, due to Vista's emphasis
> on ipv6 among other networking issues. Either way, below is my entire pf
> configuration. I hope it helps.
I'm afraid you'll have to do the usual debug routine:
1) enable debug logging (pfctl -xm, output in /var/log/messages)
2) run pfctl -si and store the output
3) pick one external host that reliably reproduces the problem
4) on the external interface, run
tcpdump -s 1600 -nvvvSpi $ext_if host $ip and tcp
5) reproduce the problem once, from initial SYN to the point where
the connection fails
6) run pfctl -vvss, and note any state entries related to the
failed connection
7) re-run pfctl -si and store the output (of interest are any counters
increasing besides the obvious ones)
8) check /var/log/messages for any output from pf (related to the
failed connection, or at least the host $ip)
If you provide the output of those steps, that could narrow it down.
In case the results are too large, put them on a web page somehwere
and post the URL instead.
Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070209181351.GC30276>