On Sun, Apr 14, 2024 at 04:33:58PM +0200, Karel Lucas wrote:
> Output from "tcpdump -neti pflog0":
> tcpdump: WARNING: snaplen raised from 116 to 160
> tcpdump: listening on pflog0, link-type PFLOG
> ...
> rule 4/(match) pass in on igc1: 192.168.2.252 > 17.253.53.207: icmp: echo
> request
> ...
Output from "tcpdump -neti pflog0":
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG
...
rule 4/(match) pass in on igc1: 192.168.2.252 > 17.253.53.207: icmp:
echo request
...
output from "pfctl -sr -R 4":
pass log inet proto icmp all icmp-type
On 2024-04-13, Janne Johansson wrote:
> On Fri, 12 Apr 2024 at 20:22, Karel Lucas wrote:
>> Traceroute still won't work.
>> Can
>> anyone give me some starting points here?
>
> Put "log" on all your block/pass rules, read the logs (man pflog for
> help) and see which rule the traceroute packets
On Fri, 12 Apr 2024 at 20:22, Karel Lucas wrote:
> Traceroute still won't work.
> Can
> anyone give me some starting points here?
Put "log" on all your block/pass rules, read the logs (man pflog for
help) and see which rule the traceroute packets hit.
Adapt and extend your pf.conf accordingly
On 2024-04-12 13:04, Karel Lucas wrote:
Hi all,
Traceroute still won't work. I'm playing around with the rules and
wondering what's right and what's wrong with the traceroute rules. Can
anyone give me some starting points here?
Start with: tcpdump -nettti pflog0. Adjust to suit your
On Fri, Apr 12, 2024 at 07:04:16PM +0200, Karel Lucas wrote:
> Hi all,
>
> Traceroute still won't work. I'm playing around with the rules and wondering
> what's right and what's wrong with the traceroute rules. Can anyone give me
> some starting points here?
>
>
> /etc/pf.conf:
>
> ext_if =
Hi all,
Traceroute still won't work. I'm playing around with the rules and
wondering what's right and what's wrong with the traceroute rules. Can
anyone give me some starting points here?
/etc/pf.conf:
ext_if = igc0 # Extern interface
int_if = "{ igc1, igc2 }" # Intern
On Thu, Apr 11, 2024 at 07:45:18PM +0200, Karel Lucas wrote:
> The typos have been fixed, and PF's ruleset will be put under a magnifying
> glass.
This is a bit of a personal preference, but (assuming you trust any
traffic generated on the firewall itself), I find it helpful to
start the
PF's ruleset will be put under a magnifying glass.
On 11-04-2024 at 11:09, Peter N. M. Hansteen wrote:
On Thu, Apr 11, 2024 at 09:34:15AM +0100, Zé Loff wrote:
pass log out on egress inet proto udp to port 33433:33626 # for IPv4
pass log out on egress inet6 proto udp to port 33433:33626 # for
The typos have been fixed, and PF's ruleset will be put under a
magnifying glass.
On 11-04-2024 at 10:34, Zé Loff wrote:
On Wed, Apr 10, 2024 at 11:53:47PM +0200, Karel Lucas wrote:
Hi all,
With the new firewall I am setting up I cannot connect to the internet. That
starts with traceroute,
I do get the following error message: sysctl: toplevel name net/inet6 in
net/inet6.ip6.forwarding is invalid
On 11-04-2024 at 09:49, Peter N. M. Hansteen wrote:
On Wed, Apr 10, 2024 at 11:53:47PM +0200, Karel Lucas wrote:
With the new firewall I am setting up I cannot connect to the
Output of 'sysctl net.inet | grep forward':
net.inet.ip.forwarding=1
net.inet.ip.mforwarding=0
This may sound strange, but I don't get an error message when booting. I
did have that problem because the word 'log' appeared in some lines, but
that has already been resolved. I'm going to apply a
On Thu, Apr 11, 2024 at 09:34:15AM +0100, Zé Loff wrote:
> > pass log out on egress inet proto udp to port 33433:33626 # for IPv4
> > pass log out on egress inet6 proto udp to port 33433:33626 # for IPv6
> >
> > pass log quick on $ext_if inet proto {tcp, udp} from $localnet \
> > to port
On Wed, Apr 10, 2024 at 11:53:47PM +0200, Karel Lucas wrote:
> Hi all,
>
> With the new firewall I am setting up I cannot connect to the internet. That
> starts with traceroute, so let's start there. Ping works fine. Below I have
> listed my pf.conf file.
>
>
>
> /etc/pf.conf:
>
> ext_if =
On Wed, Apr 10, 2024 at 11:53:47PM +0200, Karel Lucas wrote:
>
> With the new firewall I am setting up I cannot connect to the internet. That
> starts with traceroute, so let's start there. Ping works fine. Below I have
> listed my pf.conf file.
This sounds like you have a link to somewhere, at
Hi all,
With the new firewall I am setting up I cannot connect to the internet.
That starts with traceroute, so let's start there. Ping works fine.
Below I have listed my pf.conf file.
/etc/pf.conf:
ext_if = igc0 # Extern interface
int_if = "{ igc1, igc2 }" # Intern
16 matches