Date: Wed, 07 Feb 2007 13:42:54 +0100
From: Volker <volker@vwsoft.com>
To: "Kevin K." <freebsd-pf@magma.ca>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF & Windows Vista
Message-ID: <45C9C94E.8080806@vwsoft.com>
In-Reply-To: <002501c749f3$bb1a1dc0$314e5940$@ca>
References: E1HD4Bj-000D25-00.msgs_for_me-mail-ru@f30.mail.ru <859855731.20070206155625@mail.ru> <002501c749f3$bb1a1dc0$314e5940$@ca>
On 12/23/-58 20:59, Kevin K. wrote:
> I am using FreeBSD 6.2-release w/ PF. Everything seems to be okay, except
> the fact that Windows Vista machines can't get through the network. I have
> tried many things, including just using a skeleton PF configuration and I'm
> still having trouble.
>
> Just curious if anyone has experienced issues with this? If so, any
> suggestions or resolutions would be appreciated.
>
> Below is what we thought would fix the vista issue, but to no avail :
>
>
> ### Office for Vista issue -- no state
>
> pass in log quick on $ext_if inet proto tcp from xxx.xxx.xxx.xxx/32 to any
> pass in quick on $ext_if inet proto udp from xxx.xxx.xxx.xxx/32 to any
> pass in quick on $ext_if inet proto icmp from xxx.xxx.xxx.xxx/32 to any
> pass in quick on $ext_if inet proto tcp from xxx.xxx.xxx.xxx/32 to any

Kevin,

helping you with just this snippet of rules is like fishing in the dark.

Your rules do the following:
A connection coming from a single IP address (/32) is passing the
firewall on the external IF. As it does not create state (no keep
state option) the answer to that incoming connection will probably
never reach the originating IP address.

As you're logging but do not keep state, you're getting a whole bunch
of log entries which might render your logs unreadable (every packet
is being logged instead of every connection).

If your rules work properly for other hosts (again, your snippet of
rules is useless for supporting you) I'm wondering if your Vista
machine does IPv6 and does not try v4? I don't know Vista at all but I
guess v6 support is built in.

Greetings,

Volker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45C9C94E.8080806>
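
An added example, not part of the original message or the poster's ruleset: the quoted stateless rules beside a stateful form, assuming a default-block ruleset and the pf shipped with FreeBSD 6.2, where `keep state` has to be written explicitly. The interface name `em0` and the address `192.0.2.10` are placeholders for values the post does not give.

```conf
# pf.conf fragment (constructed example)
ext_if = "em0"            # assumption: external interface name
office = "192.0.2.10"     # placeholder for the xxx.xxx.xxx.xxx/32 host

# Assumed default policy: anything not explicitly passed is dropped and logged.
block log all

# --- As posted (stateless) ---------------------------------------------
# Only the inbound direction matches. The reply leaving the box is a
# separate packet evaluated against the ruleset on its own, and with the
# block above it is dropped. "log" without state logs every packet.
#
# pass in log quick on $ext_if inet proto tcp  from $office to any
# pass in     quick on $ext_if inet proto udp  from $office to any
# pass in     quick on $ext_if inet proto icmp from $office to any

# --- Stateful form -----------------------------------------------------
# The first packet creates a state entry; later packets of the same
# connection, in both directions, match the state table and skip rule
# evaluation. With state, "log" records only the state-creating packet,
# so the log shows one entry per connection.
pass in log quick on $ext_if inet proto tcp  from $office to any flags S/SA keep state
pass in     quick on $ext_if inet proto udp  from $office to any keep state
pass in     quick on $ext_if inet proto icmp from $office to any keep state

# These rules are "inet" only. IPv6 traffic from the same machine never
# matches them and falls through to the block rule above, where the log
# keyword makes it visible on pflog0.
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -ss` lists the state entries once a connection has been made.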
