On 2008-03-09, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I have a Domain Controller in a DMZ which is handling radius requests from
> my access point. I'm having problems passing the radius information
> successfully through pf. The pf box is a soekris running 4.1.
>
> Mar 09 09:58:56.467664 rule 3/(match) block in on sis4: 172.30.30.5.1812 > 10.50.3.11.2055: Axs! id:1 [1477] [|radius] (frag 25868:[EMAIL PROTECTED])
> Mar 09 09:58:56.467745 rule 3/(match) block in on sis4: 172.30.30.5 > 10.50.3.11: (frag 25868:[EMAIL PROTECTED])

I think it may be connected with the fragments, please have a look at pf.conf(5) about fragment reassembly/scrub. It might be useful to turn on extended logging (pfctl -xmisc) and check syslog.

> # more /etc/pf.conf | grep pix_if

scrub rules are certainly relevant here.. it's generally useful if you can send a whole config, preferably reduced to the minimum that shows the problem (I am sure many people fix things in the process of doing this anyway :-) preferably with rule numbers (pfctl -sr -vv) to match against the tcpdump output.
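
The check suggested in the thread (are the blocked packets IP fragments, and which rule number is dropping them) can be run over saved pflog output. This is an added example, not part of the original messages: the names `blocked_fragments` and `report` are hypothetical, and the fragment length/offset values and the third log line are constructed, because the page's own values are redacted.

```python
import re
from collections import defaultdict

# Constructed sample in OpenBSD tcpdump/pflog style. The "len@offset" values and
# the third line are made up; the rest mirrors the two lines quoted in the thread.
SAMPLE = """\
Mar 09 09:58:56.467664 rule 3/(match) block in on sis4: 172.30.30.5.1812 > 10.50.3.11.2055: Axs! id:1 [1477] [|radius] (frag 25868:1480@0+)
Mar 09 09:58:56.467745 rule 3/(match) block in on sis4: 172.30.30.5 > 10.50.3.11: (frag 25868:5@1480)
Mar 09 09:59:01.120001 rule 3/(match) block in on sis4: 192.0.2.9.4431 > 10.50.3.11.22: S 1:1(0) win 16384
"""

HEAD = re.compile(r"rule (\d+)/\(match\) (block|pass) (in|out) on (\w+): (\S+) > ([^:\s]+):")
FRAG = re.compile(r"\(frag (\d+):(\d+)@(\d+)(\+?)\)")  # id:length@offset, '+' = more fragments

def blocked_fragments(log_text):
    """Return {(rule, iface): {ip_id: [(offset, length, more_fragments), ...]}}
    for every logged packet that was blocked and is an IP fragment."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        head, frag = HEAD.search(line), FRAG.search(line)
        if not head or not frag or head.group(2) != "block":
            continue  # not a pflog line, not a fragment, or not blocked
        rule, iface = int(head.group(1)), head.group(4)
        ip_id, length, offset, more = frag.groups()
        hits[(rule, iface)][int(ip_id)].append((int(offset), int(length), more == "+"))
    return hits

def report(log_text):
    """One summary line per fragmented datagram that a rule dropped."""
    out = []
    for (rule, iface), datagrams in sorted(blocked_fragments(log_text).items()):
        for ip_id, parts in sorted(datagrams.items()):
            total = max(off + ln for off, ln, _ in parts)  # end of the last fragment seen
            out.append(f"rule {rule} on {iface}: datagram id {ip_id} dropped as "
                       f"{len(parts)} fragment(s), {total} bytes of IP payload")
    return out

if __name__ == "__main__":
    for summary in report(SAMPLE):
        print(summary)
```

Each rule number it reports is the one to look up in `pfctl -sr -vv` and compare against the scrub and fragment handling described in pf.conf(5).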

