Hello,
I am running 3.4 stable as a VLAN-aware bridge and am trying to get
authpf working across it. It looks to me like the user authenticates
OK, i.e. ps -aux shows the following:
root 25787 0.0 0.3 376 1352 ?? Ss 10:49PM 0:00.02 sshd: authpfadmin [priv] (sshd)
authpfadmin 2165 0.0 0.2 340 1156 ?? S 10:49PM 0:00.01 sshd: [EMAIL PROTECTED] (sshd)
authpfadmin 10345 0.0 0.1 376 752 p0 Ss+ 10:49PM 0:00.01 -authpf: [EMAIL PROTECTED] (authpf)
I have the following in my pf.conf:
...
...
...
pass in quick inet proto tcp from 172.16.8.71 to 172.16.7.253 port 22 flags S/SA keep state
anchor authpf
block drop in log quick from any to <blocks>
block drop in log quick from <blocks> to any
block drop in quick on { vlan0, vlan2 }
I have the following in /etc/authpf/authpf.rules:
pass in log quick inet proto tcp from $user_ip to any keep state
pass in log quick inet proto udp from $user_ip to any keep state
If I test the anchor it seems to work fine when the user is logged
in and cleans itself up when logged out.
pfctl -a authpf -s rules shows (user logged in):
pass in log quick inet proto tcp from 172.16.8.71 to any keep state
pass in log quick inet proto udp from 172.16.8.71 to any keep state
That 172 address is my address. Yet none of the traffic seems to
hit the anchor. According to tcpdump, all that traffic hits the second
block statement, which is used for testing.
Anyone with any ideas? Any help appreciated.
Andrew Eaton
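To reason about which rule a packet should hit in a ruleset like the one above, it helps to model pf's evaluation order explicitly: rules are walked top to bottom, the last matching rule wins, a matching `quick` rule ends evaluation immediately, and rules loaded into an anchor are evaluated inline at the anchor's position (a `quick` match inside the anchor also ends evaluation of the main ruleset). The following Python model is an added example, not part of the original post or of pf/authpf: it transcribes the pf.conf and authpf.rules fragments from the post, substitutes `$user_ip` the way `pfctl -a authpf -s rules` shows it, and evaluates constructed packets against them. The contents of the `<blocks>` table and the sample packets are constructed assumptions, since the post does not list them. Tokens such as `log`, `inet`, `flags` and `keep state` are parsed but do not influence matching in this simplified model.

```python
"""Minimal model of pf rule evaluation (last match wins, `quick` stops
evaluation, anchor rules evaluated inline at the anchor's position).
Added example; the ruleset is transcribed from the mailing-list post,
the table contents and packets are constructed for the demonstration."""
from __future__ import annotations
from dataclasses import dataclass, field
import ipaddress
import shlex


@dataclass
class Rule:
    text: str
    action: str                 # "pass" or "block"
    direction: str | None       # "in", "out" or None (either direction)
    quick: bool = False
    ifaces: set[str] = field(default_factory=set)
    proto: str | None = None
    src: str | None = None      # address, "any" or "<table>"
    dst: str | None = None
    dport: int | None = None


@dataclass
class Anchor:
    name: str


def parse_rule(text: str):
    """Parse the subset of pf.conf syntax used in the post."""
    toks = shlex.split(text.replace("{", " { ").replace("}", " } "))
    if toks[0] == "anchor":
        return Anchor(toks[1])
    r = Rule(text=text, action=toks[0], direction=None)
    i = 1
    while i < len(toks):
        t = toks[i]
        if t in ("in", "out"):
            r.direction = t
        elif t == "quick":
            r.quick = True
        elif t == "on":
            i += 1
            if toks[i] == "{":          # interface list: on { vlan0, vlan2 }
                i += 1
                while toks[i] != "}":
                    r.ifaces.add(toks[i].rstrip(","))
                    i += 1
            else:
                r.ifaces.add(toks[i])
        elif t == "proto":
            i += 1
            r.proto = toks[i]
        elif t == "from":
            i += 1
            r.src = toks[i]
        elif t == "to":
            i += 1
            r.dst = toks[i]
        elif t == "port":
            i += 1
            r.dport = int(toks[i])
        # drop/log/inet/flags/S/SA/keep/state do not change which rule
        # matches in this model, so they are skipped
        i += 1
    return r


def addr_matches(spec, addr, tables):
    if spec is None or spec == "any":
        return True
    nets = tables.get(spec.strip("<>"), []) if spec.startswith("<") else [spec]
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)


def rule_matches(r, pkt, tables):
    if r.direction and r.direction != pkt["dir"]:
        return False
    if r.ifaces and pkt["iface"] not in r.ifaces:
        return False
    if r.proto and r.proto != pkt["proto"]:
        return False
    if r.dport is not None and r.dport != pkt.get("dport"):
        return False
    return addr_matches(r.src, pkt["src"], tables) and addr_matches(r.dst, pkt["dst"], tables)


def evaluate(ruleset, anchors, pkt, tables):
    """Return (verdict, rule text): walk rules in order, remember the last
    match, stop at the first matching `quick` rule (inside anchors too)."""
    last = None
    for item in ruleset:
        candidates = anchors.get(item.name, []) if isinstance(item, Anchor) else [item]
        for r in candidates:
            if rule_matches(r, pkt, tables):
                last = r
                if r.quick:
                    return r.action, r.text
    return ("pass", "(default pass: no rule matched)") if last is None else (last.action, last.text)


# Transcribed from the post's pf.conf fragment (the elided lines are omitted).
MAIN_RULES = [parse_rule(t) for t in [
    "pass in quick inet proto tcp from 172.16.8.71 to 172.16.7.253 port 22 flags S/SA keep state",
    "anchor authpf",
    "block drop in log quick from any to <blocks>",
    "block drop in log quick from <blocks> to any",
    "block drop in quick on { vlan0, vlan2 }",
]]

# Constructed: the post does not list the <blocks> table, so the user's
# subnet is assumed here to make the fourth rule reachable.
TABLES = {"blocks": ["172.16.8.0/24"]}


def authpf_anchor(user_ip):
    """authpf.rules from the post with $user_ip substituted, as pfctl -a authpf -s rules shows."""
    return [parse_rule(t.replace("$user_ip", user_ip)) for t in [
        "pass in log quick inet proto tcp from $user_ip to any keep state",
        "pass in log quick inet proto udp from $user_ip to any keep state",
    ]]


def verdict(pkt, logged_in):
    """Evaluate a packet with the authpf anchor loaded (user logged in) or empty."""
    anchors = {"authpf": authpf_anchor("172.16.8.71") if logged_in else []}
    return evaluate(MAIN_RULES, anchors, pkt, TABLES)


# Constructed sample packets from the poster's address arriving on vlan0.
WEB_PKT = {"dir": "in", "iface": "vlan0", "proto": "tcp",
           "src": "172.16.8.71", "dst": "10.0.0.5", "dport": 80}
SSH_PKT = {"dir": "in", "iface": "vlan0", "proto": "tcp",
           "src": "172.16.8.71", "dst": "172.16.7.253", "dport": 22}

if __name__ == "__main__":
    for name, pkt in (("web", WEB_PKT), ("ssh", SSH_PKT)):
        for state in (True, False):
            print(name, "logged_in" if state else "logged_out", verdict(pkt, state))
```

With the anchor loaded, the model passes the web packet via the anchor's TCP rule; with the anchor empty, the same packet falls through to the `from <blocks> to any` rule, the one the post identifies as the rule its traffic hits. When the real firewall disagrees with the model, comparing the actual packet (direction, interface, protocol, source address as seen by pf on the bridge member) against the anchor's rules as shown by `pfctl -a authpf -s rules` narrows down which match condition fails.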