I have users that can access the website fine (75.44.229.18) and some users who complain they can't access it. I don't know what gives. I have asked on the list for help but still haven't resolved this. I would really appreciate any help. Why is the user in the pflog below getting blocked, whereas most of the users can access the website just fine? I have spent countless hours on this. I really don't want a PIX firewall. When I switch to the PIX, the access seems fine.

tcpdump: listening on pflog0, link-type PFLOG
Sep 21 21:53:21.903554 rule 0/(match) block in on fxp0: 172.16.10.11.80 > 75.18.177.36.1106: [|tcp] (DF)
Sep 21 21:53:34.570469 rule 0/(match) block in on fxp1: 75.18.177.36.1105 > 172.16.10.11.80: [|tcp] (DF)

Here is my pf.conf file:

##### MACROS ####
ext_if="fxp1"
int_if="fxp0"
pf_log="pflog0"
icmp_types="echoreq"

#### OPTIONS #####
set loginterface $ext_if
set loginterface $int_if
set block-policy return
set skip on lo

# scrub
scrub in

nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $ext_if proto tcp from any to 75.44.229.18 port 80 -> 172.16.10.11 port 80
rdr on $ext_if proto tcp from any to 75.44.229.19 port 3128 -> 172.16.10.12 port 3128

# filter
block in log (all, to pflog0)
pass out keep state
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to 172.16.10.11 port 80 flags S/SA keep state
pass in on $ext_if inet proto tcp from any to 75.44.229.17 port 22 flags S/SA keep state
pass in on $ext_if inet proto tcp from any to 172.16.10.12 port 3128 flags S/SA synproxy state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if
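
Added example, not part of the original post: a small Python triage script that parses tcpdump pflog lines like the two quoted above and groups blocked packets by rule, interface and direction relative to the rdr target 172.16.10.11:80, so the affected clients and the side of the firewall dropping them are visible at a glance. The function names are this example's own; the sample lines are copied from the post.

```python
import re
from collections import Counter

# The two pflog lines quoted in the post, embedded so the script runs offline.
SAMPLE = """\
tcpdump: listening on pflog0, link-type PFLOG
Sep 21 21:53:21.903554 rule 0/(match) block in on fxp0: 172.16.10.11.80 > 75.18.177.36.1106: [|tcp] (DF)
Sep 21 21:53:34.570469 rule 0/(match) block in on fxp1: 75.18.177.36.1105 > 172.16.10.11.80: [|tcp] (DF)
"""

# Redirect target taken from the rdr rule in the posted pf.conf.
WEB_SERVER = ("172.16.10.11", 80)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:.]+) rule (?P<rule>\d+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>\S+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)

def parse_pflog(text):
    """Yield one dict per IPv4 pflog line; the banner and other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            for key in ("rule", "sport", "dport"):
                entry[key] = int(entry[key])
            yield entry

def classify(entry, server=WEB_SERVER):
    """Direction of a logged packet relative to the redirected web server."""
    if (entry["src"], entry["sport"]) == server:
        return "server->client"
    if (entry["dst"], entry["dport"]) == server:
        return "client->server"
    return "other"

def summarize(text):
    """Count blocked packets by (rule number, interface, direction)."""
    return Counter((e["rule"], e["iface"], classify(e))
                   for e in parse_pflog(text) if e["action"] == "block")

def affected_clients(text, server=WEB_SERVER):
    """Remote addresses that appear in blocked web-server traffic."""
    blocked = [e for e in parse_pflog(text) if e["action"] == "block"]
    return ({e["dst"] for e in blocked if classify(e, server) == "server->client"}
            | {e["src"] for e in blocked if classify(e, server) == "client->server"})

if __name__ == "__main__":
    for (rule, iface, kind), n in sorted(summarize(SAMPLE).items()):
        print(f"rule {rule} on {iface}: {kind} x{n}")
    print("clients:", sorted(affected_clients(SAMPLE)))
```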