I have a Domain Controller in a DMZ which is handling radius requests from my access point. I'm having problems passing the radius information successfully through pf. The pf box is a soekris running 4.1.

Mar 09 09:58:56.467664 rule 3/(match) block in on sis4: 172.30.30.5.1812 > 10.50.3.11.2055: Axs! id:1 [1477] [|radius] (frag 25868:[EMAIL PROTECTED])
Mar 09 09:58:56.467745 rule 3/(match) block in on sis4: 172.30.30.5 > 10.50.3.11: (frag 25868:[EMAIL PROTECTED])

# more /etc/pf.conf | grep pix_if
pix_if = "sis4"
pass quick log on $pix_if from any to 10.50.3.11
block in log on $pix_if
pass out on $pix_if

In this case, 172.30.30.5 is my radius server, and 10.50.3.11 is my access point. Even though I am logging the pass rule, I do not see it getting hit through tcpdump. If I take out the block in log on $pix_if, radius information flows ok.

Thanks,
runelind at runelind dot net

