Dear Tech Reader,
Maybe this would be misc, but I am trying to avoid some useless answers.
This is OpenBSD 5.8 patched (-r OPENBSD_5_8).

All my block rules log.
Nothing appears in tcpdump -teni pflog0.

But pf drops the packets (set skip or pfctl -d solves the problem).

[0]-[blue]-[/cloudgate]
# ping -c2 -w2 172.16.0.1
PING 172.16.0.1 (172.16.0.1): 56 data bytes
64 bytes from 172.16.0.1: icmp_seq=0 ttl=255 time=0.894 ms
64 bytes from 172.16.0.1: icmp_seq=1 ttl=255 time=0.966 ms
--- 172.16.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.894/0.930/0.966/0.036 ms
[0]-[blue]-[/cloudgate]
# tcpdump -tteni pflog0 &
[1] 31913
[0]-[blue]-[/cloudgate]
# tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG
pfctl -e
pf enabled
[0]-[blue]-[/cloudgate]
# ping -c2 -w2 172.16.0.1
PING 172.16.0.1 (172.16.0.1): 56 data bytes
ping: sendto: No route to host
ping: wrote 172.16.0.1 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote 172.16.0.1 64 chars, ret=-1
--- 172.16.0.1 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
[1]-[blue-viking]-[/cloudgate]
# ifconfig gre
gre0: flags=9011<UP,POINTOPOINT,LINK0,MULTICAST> mtu 1476
        description: citywan
        priority: 0
        keepalive: timeout 10 count 6
        groups: gre
        status: keepalive down
        tunnel: inet 10.19.71.31 -> 10.54.213.241
        inet 172.16.0.2 --> 172.16.0.1 netmask 0xffffffff


But I would like to match out on gre0 from (x:network) to !(self) nat-to (gre0:0)

Not possible?

-- 
---------------------------------------------------------------------------------------------------------------------
() ascii ribbon campaign - against html e-mail
/\
