I have been struggling with this issue for a few days now. I have a
Citrix server (customer site) that I cannot connect to through my
OpenBSD 3.7 pf firewall. I am able to reach this Citrix server if I go
direct (no firewall). I know the Citrix server is open to everyone on
the Internet. However, something is happening when my Windows client
passes through the OpenBSD pf firewall - I do not receive any packets
back from the Citrix server. I have tcpdump running on the outside and
inside of the firewall and I see the match rules that allow out from the
inside interface then out the outside interface, but I never see any
traffic back from the Citrix server.

My rules are simple. I have actually done a pass in log all keep state &
pass out log all keep state in my rules with nothing else (no block or
pass) and it still fails. I see the traffic go through the pf box but
never see anything from the Citrix server.

I do know this Citrix server is being firewalled by a Check Point NG
firewall. I do not believe they are running any IDS or anything else
that would block my connection attempts.

Has anyone got this to work? If so, what do the rule(s) look like?

Thanks.