pf log question

2008-06-24 Thread Monah Baki
Hi all,

Using tcpdump -i pflog0

Jun 24 10:54:01.209701 rule 14/(match) pass in on tun0

Is there a way to display what's rule 14?

Thank you

BSD Networking, Microsoft Notworking

Re: pf log question

2008-06-24 Thread Jason Dixon
On Tue, Jun 24, 2008 at 11:06:04AM -0400, Monah Baki wrote:
> Hi all,
>
> Using tcpdump -i pflog0
>
> Jun 24 10:54:01.209701 rule 14/(match) pass in on tun0
>
> Is there a way to display what's rule 14?

pfctl -vvsr

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Re: pf log question

2008-06-24 Thread Paul de Weerd
On Tue, Jun 24, 2008 at 11:06:04AM -0400, Monah Baki wrote:
| Hi all,
|
| Using tcpdump -i pflog0
|
| Jun 24 10:54:01.209701 rule 14/(match) pass in on tun0
|
| Is there a way to display what's rule 14?

pfctl -vvs rules | grep [EMAIL PROTECTED]

Cheers,

Paul 'WEiRD' de Weerd

--

Re: pf log question

2008-06-24 Thread Imre Oolberg
Hi!

One way to see what rule number a rule has is to say

# pfctl -vvvsr

And for example, if some connection needs attention then it's good to look up state's rule number with pfctl -vvvss.

Imre

Monah Baki wrote:
> Hi all,
>
> Using tcpdump -i pflog0
>
> Jun 24 10:54:01.209701 rule 14/(match) pass
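
Added example, not part of any post in this thread: a shell function that annotates pflog lines with the matching rule text from a saved `pfctl -vvsr` dump, relying on the `@<number>` prefix that the verbose rule listing puts in front of each rule. The sample ruleset and log lines are constructed, and the names `annotate_pflog`, `sample_rules` and `sample_log` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `pfctl -vvsr` output (not from the thread): each
# rule line starts with "@<number>", followed by indented counter lines.
sample_rules() {
cat <<'EOF'
@0 scrub in all fragment reassemble
  [ Evaluations: 1520      Packets: 610       Bytes: 48211       States: 0     ]
@13 block drop in log on tun0 all
  [ Evaluations: 310       Packets: 12        Bytes: 720         States: 0     ]
@14 pass in log on tun0 inet proto tcp from any to any port = 22 flags S/SA keep state
  [ Evaluations: 298       Packets: 45        Bytes: 5120        States: 2     ]
EOF
}

# Constructed pflog lines in the format quoted in the thread.
sample_log() {
cat <<'EOF'
Jun 24 10:54:01.209701 rule 14/(match) pass in on tun0
Jun 24 10:54:02.000000 rule 13/(match) block in on tun0
Jun 24 10:54:03.000000 rule 99/(match) pass in on tun0
EOF
}

# annotate_pflog RULES_FILE: read tcpdump pflog lines on stdin and append the
# text of the rule each line names, looked up in a saved `pfctl -vvsr` dump.
annotate_pflog() {
    awk '
        NR == FNR {                       # first input: the ruleset dump
            if ($0 ~ /^@[0-9]+ /) {
                n = substr($1, 2)         # "@14" -> "14"
                rule[n] = substr($0, length($1) + 2)
            }
            next
        }
        {                                 # second input: log lines on stdin
            num = ""
            for (i = 1; i < NF; i++)
                if ($i == "rule") { num = $(i + 1); sub(/\/.*/, "", num); break }
            if (num == "") { print; next }
            if (num in rule) print $0 "  # @" num " " rule[num]
            else             print $0 "  # @" num " not in ruleset dump"
        }
    ' "$1" -
}

# Demo on the constructed samples.
demo() { d=$(mktemp) && sample_rules > "$d" && sample_log | annotate_pflog "$d"; rm -f "$d"; }
demo
```

Rule numbers change whenever the ruleset is reloaded, so take the `pfctl -vvsr` dump from the same loaded ruleset that produced the log lines; when piping live `tcpdump` output into the function, add `-l` so the output is line-buffered.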

Re: pf log question

2008-06-24 Thread Monah Baki
Thanks all for all the help.

Reason I was asking is I have this strange issue. First my pf.conf (snipped) is:

+
int_if=xl0
ext_if=xl1
external_addr=tun0
tcp_services = { 22, 25, 53, 80, 110, 143, 443, 554, 6667, 1220, 1863, \
3128, 5060, 5061, 5190, 6667, 8000, 8021, 8080,

Re: pf log question

2008-06-24 Thread Brian Keefer
Make sure you're setting a state. I had the same problem with gmail, and then I realized that I had accidentally preempted the rule which was setting state on my DMZ interface. Once I fixed that I didn't have any more problems.

--
chort

On Jun 24, 2008, at 10:56 AM, Monah Baki wrote:

pf log question

2007-02-27 Thread Frans Haarman
# tcpdump -e -ttt -n -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
00 rule 4294967295/unkn(8): pass in on bge0:

Re: pf log question

2007-02-27 Thread Frans Haarman
On 2/27/07, Gustavo Rios [EMAIL PROTECTED] wrote:
> Could you send your pf.conf entirely?
>
> On 2/27/07, Frans Haarman [EMAIL PROTECTED] wrote:
> > # tcpdump -e -ttt -n -i pflog0
> > tcpdump: WARNING: pflog0: no IPv4 address assigned
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol