On Tue, Nov 22, 2005 at 11:51:50PM -0500, [EMAIL PROTECTED] wrote:

> While running pftop, or pfctl -vvs state, I see a lot of traffic from
> the firewall machine to itself over the internal LAN interface port. I am
> not sure what service would route something out a local interface to
> itself; it feels more like a misconfiguration. Thoughts?
Do you have any route-to or reply-to lo0 rules? Otherwise it's odd that
you'd see connections on the loopback interface with addresses other
than 127.0.0.1.

You can list what processes use which tcp ports with

  # fstat | grep tcp

and look for either port 3493 or 33733; at least one of the endpoints
should be a local process.

Or sniff some of the traffic with

  # tcpdump -s 1600 -nvvvXi lo0

Maybe the packet payload gives a clue to what those connections are.

Once you know that the connections are legitimate, you can tell pf to
skip processing packets on lo0, with a line like this in pf.conf:

  set skip on lo0

Daniel
