Hi all
I have a very strange problem.
I have a FreeBSD box running pf with 3 NICs, one on each different subnet (all
public). I'm using ipfw for making a router. I want to use pf now.
I'm using the keep state option on all my rules but it seems not to work.
With the keep state option I get a dynamic rule in pfctl but it's in the wrong
direction.
Is it a problem with FreeBSD or with pf?
For example, I've put this kind of rule:
    pass in on $first-nic proto tcp from IP-A to IP-B port 22 keep state
When I try to connect from IP-A to IP-B using ssh the connection doesn't
work. And I've got
    self tcp IP-B:22 <- IP-A:56906 CLOSED:SYN_SENT
    self tcp IP-B:22 <- IP-A:59496 CLOSED:SYN_SENT
in my pfctl -s state,
and I get a deny for outgoing packets from IP-B to IP-A.
On my old FreeBSD I'm using something like
    ipfw add permit any to any established
How can I do that in pf?
Regards.
--
Albert SHIH
Universite de Paris 7 (Denis DIDEROT)
U.F.R. de Mathematiques.
7 ième étage, plateau D, bureau 10
Heure local/Local time:
Wed Dec 13 17:44:00 CET 2006
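
Added example, not part of the original post: pf filters a forwarded packet twice, inbound on the interface it arrives on and outbound on the interface it leaves by, so a router rule set needs a stateful pass for both halves of the path. The sketch below assumes a default-block policy; the interface names, the addresses standing in for IP-A and IP-B, and the underscore macro names (pf macro names cannot contain "-") are all placeholders.

```pf
# Constructed pf.conf fragment; every name and address is a placeholder.
first_nic  = "em0"             # assumed: interface on IP-A's subnet
second_nic = "em1"             # assumed: interface on IP-B's subnet
ip_a       = "192.0.2.10"      # stands in for IP-A
ip_b       = "198.51.100.20"   # stands in for IP-B

# Assumed default policy: drop and log anything not explicitly passed.
block log all

# Before: only the inbound half of the forwarded path is passed.
# The SYN creates a state when it enters $first_nic, but neither the SYN
# leaving $second_nic nor the reply entering $second_nic matches any
# pass rule, so both fall through to "block".
# pass in on $first_nic proto tcp from $ip_a to $ip_b port 22 keep state

# After: pass the connection on both interfaces it crosses.
# "keep state" lets the replies of an allowed connection through, which
# is the job "permit any to any established" did in the ipfw rule set,
# but only for connections whose first packet matched a pass rule.
# "flags S/SA" limits state creation to initial SYN packets.
pass in  on $first_nic  proto tcp from $ip_a to $ip_b port 22 \
        flags S/SA keep state
pass out on $second_nic proto tcp from $ip_a to $ip_b port 22 \
        flags S/SA keep state
```

With both rules loaded, `pfctl -s state` lists two entries per forwarded connection, one for each interface, and packets dropped by `block log all` can be read from the pflog0 interface to see which interface and direction rejected them.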