On Fri, Jan 06, 2006 at 01:40:41PM -0500, Len Zaifman wrote:

> Jan 05 20:14:22.207437 rule 12.leonardz(5766).5/(match) pass in on
> fxp0: 192.168.7.55.27493 > undeadly.org.www: [|tcp] (DF)
> Jan 05 20:14:22.207585 rule 12.leonardz(5766).24/(match) pass out on
> tun0: toronto-HSE-ppp3934115.sympatico.ca.63609 > undeadly.org.www:
> [|tcp] (DF)

The source address/port translation indicates you're also using NAT. Are you sure the NAT rule matching this connection doesn't have a 'tag xyz' option? It would apply AFTER the 'pass in on fxp0' rule, and overwrite the tag.

Daniel