It looks to me like I just needed to flush all the rules and start over. My rules are being parsed ok now. I do have one other question though. Why won't a rule like the following match?

pass in quick log-all on vlan6 inet proto tcp from 172.16.8.71 to 128.252.21.6 port 135 flags S/SA keep state

I know that 128.252.21.6 resides on vlan6. I can see that traffic in a

tcpdump -n -e -ttt -i pflog0 net 128.252.21.6 port 135

However, this rule will not match anything until I remove the "on vlan6". Then it works fine. If I pull out the "on vlan6" and change "keep state" to "modulate state", the rule will die too. I am testing with telnet 128.252.21.6 135 and I am using OpenBSD 3.3 stable.

Thanks again,
Andrew Eaton

-----Original Message-----

Hello all,

I am having a problem with filtering on a vlan aware bridge. I am wondering if anyone has seen a tcpdump that looks like the following and what it means, particularly the part about the rule -1/0(match).

Sep 11 17:35:33.988497 rule -1/0(match): pass in on vlan16: 64.236.34.72.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
Sep 11 17:35:33.988501 rule -1/0(match): pass out on vlan17: 64.236.34.72.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
Sep 11 17:35:33.989717 rule -1/0(match): pass in on vlan17: 172.16.0.36.3114 > 64.236.34.72.80: . ack 64321 win 0 (DF)
Sep 11 17:35:33.989720 rule -1/0(match): pass out on vlan16: 172.16.0.36.3114 > 64.236.34.72.80: . ack 64321 win 0 (DF)

I have spent a lot of time debugging this and the rules are not being parsed right. I thought I might start here.

Thanks in advance,
Andrew Eaton
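An added example, not part of the thread: a small parser for the tcpdump-format pflog lines quoted in the original message. It groups the entries by flow so that the in/out pair each bridged packet produces on the two VLAN interfaces is visible side by side, and counts entries whose reported rule number is -1. The regular expression and field names are my assumptions from the shape of the quoted lines; the sample input is constructed from them.

```python
import re
from collections import Counter

# Constructed sample: the four pflog lines from the original message, one per line.
SAMPLE = """\
Sep 11 17:35:33.988497 rule -1/0(match): pass in on vlan16: 64.236.34.72.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
Sep 11 17:35:33.988501 rule -1/0(match): pass out on vlan17: 64.236.34.72.80 > 172.16.0.36.3114: . 63809:64321(512) ack 1 win 4096
Sep 11 17:35:33.989717 rule -1/0(match): pass in on vlan17: 172.16.0.36.3114 > 64.236.34.72.80: . ack 64321 win 0 (DF)
Sep 11 17:35:33.989720 rule -1/0(match): pass out on vlan16: 172.16.0.36.3114 > 64.236.34.72.80: . ack 64321 win 0 (DF)
"""

# Assumed layout: "<ts> rule <nr>/<sub>(<reason>): <action> <dir> on <if>: <src>.<sport> > <dst>.<dport>: ..."
PFLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) rule (?P<rule>-?\d+)/(?P<sub>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)

def parse_pflog(text):
    """Return one dict per recognised line; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = PFLOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        for k in ("rule", "sub", "sport", "dport"):
            e[k] = int(e[k])
        entries.append(e)
    return entries

def flows(entries):
    """Group entries by (src, sport, dst, dport); each flow lists (dir, ifname, rule)."""
    grouped = {}
    for e in entries:
        key = (e["src"], e["sport"], e["dst"], e["dport"])
        grouped.setdefault(key, []).append((e["dir"], e["ifname"], e["rule"]))
    return grouped

def negative_rule_count(entries):
    """How many entries report a negative rule number (the -1 the poster asks about)."""
    return sum(1 for e in entries if e["rule"] < 0)

def per_interface(entries):
    """Count entries per (ifname, dir) to see where the bridge evaluates each packet."""
    return Counter((e["ifname"], e["dir"]) for e in entries)

if __name__ == "__main__":
    parsed = parse_pflog(SAMPLE)
    for key, hops in flows(parsed).items():
        print(key, "->", hops)
    print("negative rule numbers:", negative_rule_count(parsed))
    print(per_interface(parsed))
```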
- tcpdump and rule -1/0 Eaton, Andy
- Re: tcpdump and rule -1/0 Asenchi
- Re: tcpdump and rule -1/0 Eaton, Andy
- Re: tcpdump and rule -1/0 Henning Brauer
- Re: tcpdump and rule -1/0 Asenchi
