Harald Weis wrote:
| My ''very secure inclusive type of firewall'' works as expected behind
| Free's freebox, but not behind Nerim's SpeedTouch. Both boxes are
| configured as routers.
| Nerim's DNS's respond with bad packets like so:
| 08/10/2009 11:27:27.898288 fxp0 @0:25 b 62.4.16.70,53 -> 10.0.0.28,62317
| PR udp len 20 395 IN bad
| 08/10/2009 11:27:32.897670 fxp0 @0:25 b 62.4.17.69,53 -> 10.0.0.28,59923
| PR udp len 20 395 IN bad
|
| Evidently, the packets get blocked by the very last rule:
| block in log first quick on $oif all
|
| I cannot find out the meaning of ''bad'' and what is responsible for it.

Unfortunately it can mean more than one thing... although the list is
not very long for UDP packets.

Are you able to use tcpdump for those packets?
Something like:

tcpdump -vvv -i fxp0 src port 53

Darren
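An added example, not part of either poster's message: a small parser for ipmon entries like the ones quoted above that picks out the blocked UDP packets tagged "bad" and narrows the suggested tcpdump capture to the hosts that sent them. The field layout is inferred from the two quoted entries only; the function names, the third sample entry and the `-n` flag (no name resolution) are assumptions added here.

```python
import re

# Field layout inferred from the two ipmon entries quoted in the message.
IPMON_RE = re.compile(
    r"(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S+) (?P<src>[^,\s]+),(?P<sport>\S+) -> (?P<dst>[^,\s]+),(?P<dport>\S+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+)(?P<flags>.*)"
)

# Constructed sample: the two quoted entries rejoined onto one line each,
# plus one constructed "passed" entry that must not be selected.
SAMPLE_LOG = """\
08/10/2009 11:27:27.898288 fxp0 @0:25 b 62.4.16.70,53 -> 10.0.0.28,62317 PR udp len 20 395 IN bad
08/10/2009 11:27:32.897670 fxp0 @0:25 b 62.4.17.69,53 -> 10.0.0.28,59923 PR udp len 20 395 IN bad
08/10/2009 11:27:40.000000 fxp0 @0:12 p 10.0.0.28,62317 -> 62.4.16.70,53 PR udp len 20 60 OUT
"""

def parse_line(line):
    """Return the entry's fields as a dict, or None if the line does not match."""
    m = IPMON_RE.fullmatch(" ".join(line.split()))
    if m is None:
        return None
    rec = m.groupdict()
    rec["flags"] = rec["flags"].split()  # trailing words, e.g. ["IN", "bad"]
    return rec

def bad_blocked_udp(log_text):
    """Blocked UDP entries that ipmon tagged "bad"."""
    recs = filter(None, map(parse_line, log_text.splitlines()))
    return [r for r in recs
            if r["action"] == "b" and r["proto"] == "udp" and "bad" in r["flags"]]

def any_of(keyword, values):
    """Parenthesised pcap-filter alternative, e.g. (src host A or src host B)."""
    return "(" + " or ".join(f"{keyword} {v}" for v in sorted(values)) + ")"

def tcpdump_command(records):
    """tcpdump invocation narrowed to the senders seen (single interface assumed)."""
    if not records:
        return None
    expr = " and ".join([
        "udp",
        any_of("src port", {r["sport"] for r in records}),
        any_of("src host", {r["src"] for r in records}),
    ])
    return f"tcpdump -vvv -n -i {records[0]['iface']} '{expr}'"

if __name__ == "__main__":
    print(tcpdump_command(bad_blocked_udp(SAMPLE_LOG)))
```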
