On Wed, Jun 17, 2009 at 10:31 PM, Mike Sweetser - Adhost
<mik...@adhost.com>wrote:

> Hello,
>
> We have a network with a VPN device sitting beside a PF server, both
> connected to an internal network.
>
> PF Server: 10.1.4.1
> VPN Device: 10.1.4.200
>
> The VPNs are set up for 10.1.1.0/24 and 10.1.2.0/24, so any traffic to
> these networks should be routed to 10.1.4.200.  We've set up routes on
> the PF server as such.
>
> We've set up the following rules:
>
> block in log
> pass in on $int_if route-to ( $int_if 10.1.4.200 ) from 10.1.4.0/24 \
>     to { 10.1.1.0/24 10.1.2.0/24 }
>
> However, the block in log is catching the return traffic.  From pflog
> when somebody on the VPN (10.1.2.105) tries to connect to 10.1.4.25 on
> port 80:
>
> 000000 rule 28/0(match): block in on bge1: 10.1.4.25.80 >
> 10.1.2.105.3558: [|tcp]
>
> If we remove the block in log, the traffic works.
>
> What are we missing?
>
> Thanks,
> Mike


Hello Mike,

What version of FBSD are you using? The keep state is implicit from 7.0 as
far as I know. I might not be right, so someone please correct.

If that is the case, you should add keep state to your rule and see what
happens.

my 7c,
v
-- 
network warrior since 2005
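A pf.conf fragment added here as an illustration (it is not from either mail), putting the posted stateless rule beside one with explicit state tracking as the reply suggests. The interface name bge1 is taken from the pflog line; the macro names and the comment about the forward VPN-to-LAN packets bypassing the PF box are assumptions about Mike's topology.

```pf
# Added example for the layout in the thread: PF box at 10.1.4.1 on bge1,
# VPN device at 10.1.4.200 on the same LAN, VPN client subnets behind it.
int_if   = "bge1"
vpn_gw   = "10.1.4.200"
vpn_nets = "{ 10.1.1.0/24, 10.1.2.0/24 }"

block in log

# Rule as posted (brace fixed, route-to in documented "( iface addr )" form),
# with no state keyword. On FreeBSD 7.0 and later a bare "pass" still implies
# "flags S/SA keep state": only a SYN can create the state entry, so a lone
# SYN/ACK such as 10.1.4.25.80 > 10.1.2.105.3558 fails the flag check, falls
# through the pass rule and is caught by "block in log" above.
#pass in on $int_if route-to ( $int_if $vpn_gw ) from 10.1.4.0/24 to $vpn_nets

# Explicit state tracking, as the reply recommends. Once the SYN has created
# a state, every later packet of that connection (both directions) matches
# the state table before the ruleset is evaluated, so the block rule never
# sees the return traffic.
pass in on $int_if route-to ( $int_if $vpn_gw ) from 10.1.4.0/24 \
    to $vpn_nets flags S/SA keep state

# Caveat (assumption about this topology): if the VPN device hands the
# client's SYN to 10.1.4.25 directly on the LAN and only the reply transits
# this box, PF never sees the SYN, no state is created, and the SYN/ACK is
# still blocked. Passing that asymmetric return path needs a stateless rule,
# which also means PF does no connection tracking for it:
#pass in on $int_if route-to ( $int_if $vpn_gw ) proto tcp \
#    from 10.1.4.0/24 to $vpn_nets flags any no state
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it; the log line in the question tells you which of the two cases applies (a SYN/ACK blocked with no preceding SYN means the asymmetric one).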
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
