vlan6 in that rule doesn't mean vlan number 6, it means the interface vlan6. That is not necessarily vlan number 6.
On Thu, Sep 11, 2003 at 06:00:53PM -0500, Eaton, Andy wrote:
> It looks to me like I just needed to flush all the rules and start over.
> My rules are being parsed ok now. I do have one other question though.
> Why won't a rule like the following match?
>
> pass in quick log-all on vlan6 inet proto tcp from 172.16.8.71 to
> 128.252.21.6 port 135 flags S/SA keep state
>
> I know that 128.252.21.6 resides on vlan6. I can see that traffic in a
> tcpdump -n -e -ttt -I pflog0 net 128.252.21.6 port 135. However this
> rule will not match anything until I remove the "on vlan6". Then it
> works fine. If I pull out the "on vlan6" and change "keep state" to
> "modulate state" the rule will die too.
> I am testing with telnet 128.252.21.6 135 and I am using OpenBSD 3.3
> stable.
>
> Thanks again,
>
> Andrew Eaton
>
> -----Original Message-----
> From: Eaton, Andy
> Sent: Thursday, September 11, 2003 5:38 PM
> To: '[EMAIL PROTECTED]'
> Subject: tcpdump and rule -1/0
>
> Hello all,
>
> I am having a problem with filtering on a vlan aware bridge. I am
> wondering if anyone has seen a tcpdump that looks like the following and
> what it means. Particularly the part about the rule -1/0(match).
>
> Sep 11 17:35:33.988497 rule -1/0(match): pass in on vlan16:
> 64.236.34.72.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
> Sep 11 17:35:33.988501 rule -1/0(match): pass out on vlan17:
> 64.236.34.72.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
> Sep 11 17:35:33.989717 rule -1/0(match): pass in on vlan17:
> 172.16.0.36.3114 > 64.236.34.72.80: . ack 64321 win 0 (DF)
> Sep 11 17:35:33.989720 rule -1/0(match): pass out on vlan16:
> 172.16.0.36.3114 > 64.236.34.72.80: . ack 64321 win 0 (DF)
>
> I have spent a lot of time debugging this and the rules are not being
> parsed right. I thought I might start here.
>
> Thanks in advance,
>
> Andrew Eaton

-- 
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
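A quick way to verify the point made above before trusting an "on vlanN" rule: map each vlan(4) interface name to the 802.1Q tag it actually carries. This is an added check, not code from the thread; it assumes the OpenBSD 3.x ifconfig line format "vlan: <tag> parent interface: <parent>", and the ifconfig output embedded below is constructed, not captured from the poster's bridge.

```sh
#!/bin/sh
# Constructed sample of `ifconfig vlan6 vlan16` output (not real hosts).
# Note that the interface *names* and the 802.1Q *tags* are deliberately
# swapped, which is exactly the mismatch the reply above warns about.
SAMPLE_IFCONFIG='vlan6: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:00:00:00:00:01
        vlan: 16 parent interface: fxp0
        inet 172.16.0.1 netmask 0xffffff00 broadcast 172.16.0.255
vlan16: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:00:00:00:00:01
        vlan: 6 parent interface: fxp0
        inet 128.252.21.1 netmask 0xffffff00 broadcast 128.252.21.255'

# vlan_tag_of IFNAME: reads ifconfig text on stdin and prints the 802.1Q
# tag configured on interface IFNAME (nothing if the interface is absent).
vlan_tag_of() {
    awk -v want="$1" '
        # An unindented "name:" line starts a new interface block.
        /^[a-z]+[0-9]+:/ { cur = $1; sub(":", "", cur) }
        # Inside the wanted block, the "vlan: N ..." line holds the tag.
        cur == want && $1 == "vlan:" { print $2; exit }
    '
}

# Walk every vlan interface in the sample and report name vs. tag, flagging
# the ones where the number in the name is not the tag on the wire.
check_vlan_names() {
    printf '%s\n' "$SAMPLE_IFCONFIG" | awk '/^vlan[0-9]+:/ { sub(":", "", $1); print $1 }' |
    while read -r ifn; do
        tag=$(printf '%s\n' "$SAMPLE_IFCONFIG" | vlan_tag_of "$ifn")
        if [ "${ifn#vlan}" = "$tag" ]; then
            echo "$ifn carries tag $tag (name matches tag)"
        else
            echo "$ifn carries tag $tag (name does NOT match tag; 'on $ifn' filters tag $tag)"
        fi
    done
}

check_vlan_names
```

Run against real output with `ifconfig | vlan_tag_of vlan6` to see which tag a pf rule written "on vlan6" really applies to.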
