On Tue, Dec 17, 2002 at 01:33:18AM -0600, Shawn Mitchell wrote:
07:23:28.793476 rule 6/0(match): block in on dc1: 65.172.62.147.3086
205.188.179.233.5190: S 3584173258:3584173258(0) win 16384 mss
1460,nop,nop,sackOK (DF)
07:23:29.042444 rule 6/0(match): block in on dc1: 65.172.62.145.1145
: Very Annoying problem... blocks everything...
On Mon, Dec 16, 2002 at 04:20:01PM -0600, [EMAIL PROTECTED] wrote:
http://www.iodamedia.net/pf.conf
Go grab it.. and tell me what I'm doing wrong!
Sorry dude, but your conf looks butt ugly... :/
Like C code, good style helps a lot.
--
gustavo
Ok, I'm new to OpenBSD and pf, but I'm quickly getting the hang of it.
Here's my setup:
AMD 2300 w/ 512mb DDR ram
512mb flash drive
5 10/100 network cards
I have 4 networks right now, one of them is the internet. So let's call them, Inet,
A, B, and C.
Network C is the network with all
Shawn,
Multi-interface packet filtering can be tricky. Could you post your
rules?
Without that, all we can probably say is that you have a
misconfiguration somewhere.
IIRC, creating stateful inspection on one interface does not allow the
packets to go through other interfaces. This is my
Only on the dc0 interface. The 192.168.3.0/24 block is on the dc1 interface.
The dc0 interface goes to the internet... I don't want/need to send anything from
192.168/16 to the internet
since they're 1918 addys...
-Shawn
Do you have all routing set up correctly? Is the network that
[EMAIL PROTECTED] wrote:
http://www.iodamedia.net/pf.conf
Go grab it.. and tell me what I'm doing wrong!
-Shawn
Your ruleset is quite large to debug it just by looking at it.
But one error quickly sprang to my eyes: You're blocking the loopback
interface, which is certainly a bad idea.
On Mon, 2002-12-16 at 19:50, Shawn Mitchell wrote:
Doesn't matter what IP address on any interface you ping. All comes back
with the same thing.
I turned on logging to see what wasn't making and such. I'm seeing DNS
requests getting blocked...
Routing is not an issue. The packets (ICMP,
Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jason Dixon
Sent: Monday, December 16, 2002 8:42 PM
To: PF Mailing List
Subject: RE: Very Annoying problem... blocks everything...
On Mon, 2002-12-16 at 19:50, Shawn Mitchell wrote:
Doesn't matter what IP address on any
On Mon, 2002-12-16 at 22:46, Shawn Mitchell wrote:
on the tcpdump -nettti pflog0 command, should everything match the last
two rules, which are:
pass in log quick inet from any to any
pass out log quick inet from any to any
No. You have a gazillion other quick rules in front of these. The
Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jason Dixon
Sent: Monday, December 16, 2002 9:52 PM
To: PF Mailing List
Subject: RE: Very Annoying problem... blocks everything...
On Mon, 2002-12-16 at 22:46, Shawn Mitchell wrote:
on the tcpdump -nettti pflog0 command
Do you have all routing set up correctly? Is the network that
192.168.3.250 is on in the same subnet as one of the firewall interfaces?
Or is it a separate network? You'd need to add a route for it if it's
separate.
I had something funky happen with my routes at one point and had to
re-add.