On Wed, Jun 17, 2009 at 10:31 PM, Mike Sweetser - Adhost <mik...@adhost.com>wrote:
> Hello, > > We have a network with a VPN device sitting beside a PF server, both > connected to an internal network. > > PF Server: 10.1.4.1 > VPN Device: 10.1.4.200 > > The VPNs are set up for 10.1.1.0/24 and 10.1.2.0/24, so any traffic to > these networks should be routed to 10.1.4.200. We've set up routes on > the PF server as such. > > We've set up the following rules: > > block in log > pass in on $int_if route-to 10.1.4.200 from 10.1.4.0/24 to { 10.1.1.0/24 > 10.1.2.0/24) > > However, the block in log is catching the return traffic. From pflog > when somebody on the VPN (10.1.2.105) tries to connect to 10.1.4.25 on > port 80: > > 000000 rule 28/0(match): block in on bge1: 10.1.4.25.80 > > 10.1.2.105.3558: [|tcp] > > If we remove the block in log, the traffic works. > > What are we missing? > > Thanks, > Mike Hello Mike, What version on FBSD are you using? The keep state is implicit from 7.0 as far as i know. I might not be right so someone please correct. If that is the case you should add keep state to your rule and see what happens. my 7c, v -- network warrior since 2005 _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"