On Tue, Aug 12, 2008 at 01:34:35PM +0200, Mathieu Arnold wrote: > > > +-le 12.08.2008 13:17:27 +0200, Mathieu Arnold a dit : > | +-le 12.08.2008 01:34:03 -0700, Jeremy Chadwick a dit : > || Important note: I know absolutely nothing about IPv6. > || > || Do you have ACLs on any of these machines? !A in traceroute commonly > || means there's an ACL blocking said packets: > || > || !A (communication with destination network administratively prohibited) > || > || A ping from the other host might cause a stateful firewall to begin > || allowing said traffic to/from the machine which previously wasn't > || working. > || > || If you use a firewall on these machines (ipfw, pf, etc.), I'd recommend > || posting your problem to the freebsd-pf list instead. > | > | Hum, no, I've verified it already, there is pf enabled on the gateway, which > | is also a firewall, but only on the external interface which does not come > | in play here. > > There's a pass and not a skip, but all my block rules have log, and no > packets show up in pflog, which tends to make me believe that, well, it's not > a firewall problem.
A pass on RELENG_7 will still cause state to be kept (keep state is implicit on RELENG_7). Do you see state mismatches? pfctl -s info. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
