On Fri, Dec 3, 2010 at 3:43 PM, Wakefield, Thad M. <[email protected]> wrote: > >> Can you send me .pcap file with this packet please? Once I saw similar >> problem when IP header had additional options. The packet just did not >> follow my rule and that is it! >> Thanks. >> > > While capturing the packet for you, I discovered the problem. This traffic is > asymmetrical. This packet is a syn/ack packet. Since the pfsense doesn't see > the syn packet, I assume it blocks the packet when configured to keep state. > Is there an easy pfsense solution for asymmetrical traffic? Is a solution to > manually edit the pf rules file to allow the traffic out the bge0 interface? >
Either check "bypass rules for traffic on same interface" under System> Advanced, or use 2.0 with sloppy state tracking. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
