I didn't give you rules to try, I was pointing out that you had a problem because you had conflicting scrub rules.
Since you didn't include pf.conf I can't make any suggestions as to exactly what is conflicting, but if you look through it you'll find some other scrub rules which you need to remove or re-order.

On 2007/12/22 00:49, gentoo1 wrote:
> Stuart Henderson wrote:
> >
> > On 2007/12/21 14:13, gentoo1 wrote:
> >> I put this in my pf.conf but ttl is still zero:
> >>
> >> scrub out on $ext_if min-ttl 10
> >> ....
> >> scrub in on $ext_if all fragment reassemble min-ttl 15 max-mss 1400
> >
> > You've got some other scrub rules:
> >
> >> scrub in all fragment reassemble
> >> scrub in on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble
> >> scrub out on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble
> >> scrub in on fxp0 all no-df fragment reassemble
> >> scrub on fxp0 all reassemble tcp fragment reassemble
> >
> > It looks like first matching scrub rule wins, so you need to
> > remove/re-order some of the others.
> >
>
> Thank you Stuart for your kind reply!
> Ok. I try your rules but ttl is still zero. First I set these rules in my
> pf.conf, then I flush all tables and start pf again.
>
> mars:~# pfctl -sr
> scrub in all fragment reassemble
> scrub in all fragment reassemble
> scrub in on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble
> scrub out on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble
> scrub in on fxp0 all no-df fragment reassemble
> scrub on fxp0 all reassemble tcp fragment reassemble
> ..........
>
> mars:~# ping openbsd.org
> PING openbsd.org (199.185.137.3): 56 data bytes
> 64 bytes from 199.185.137.3: icmp_seq=0 ttl=0 time=207.995 ms
> 64 bytes from 199.185.137.3: icmp_seq=1 ttl=0 time=208.266 ms
>
> :(
>
> So any other ideas?
> Thanks
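
An added example, not part of the original thread and not pf's own code: a small Python check that walks the scrub rules from the quoted `pfctl -sr` output under the first-match behaviour suggested in the reply, and lists later `min-ttl` rules that can never be reached. It assumes first-match evaluation and models only direction and interface (every rule in the thread uses `all` for addresses); the function names are hypothetical.

```python
# Constructed sample: the scrub rules as listed by `pfctl -sr` in the thread.
RULES = """\
scrub in all fragment reassemble
scrub in all fragment reassemble
scrub in on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble
scrub out on fxp0 all min-ttl 15 max-mss 1400 fragment reassemble
scrub in on fxp0 all no-df fragment reassemble
scrub on fxp0 all reassemble tcp fragment reassemble
"""

def parse_scrub(line):
    """Parse 'scrub [in|out] [on <if>] all <options>' into a dict (simplified)."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "scrub":
        return None
    i, direction, iface = 1, None, None
    if tok[i] in ("in", "out"):
        direction, i = tok[i], i + 1
    if i + 1 < len(tok) and tok[i] == "on":
        iface, i = tok[i + 1], i + 2
    opts = tok[i:]
    min_ttl = int(opts[opts.index("min-ttl") + 1]) if "min-ttl" in opts else None
    return {"text": line.strip(), "dir": direction, "if": iface, "min_ttl": min_ttl}

def matches(rule, direction, iface):
    # A rule without a direction or interface matches any direction or interface.
    return rule["dir"] in (None, direction) and rule["if"] in (None, iface)

def first_match(rules, direction, iface):
    """Return (index, rule) of the first rule matching the packet, assuming first match wins."""
    for idx, rule in enumerate(rules):
        if matches(rule, direction, iface):
            return idx, rule
    return None, None

def shadowed_min_ttl(rules, direction, iface):
    """Later rules that would match and set min-ttl, but are never evaluated."""
    idx, _ = first_match(rules, direction, iface)
    if idx is None:
        return []
    return [r["text"] for r in rules[idx + 1:]
            if matches(r, direction, iface) and r["min_ttl"] is not None]

PARSED = [r for r in map(parse_scrub, RULES.splitlines()) if r]

if __name__ == "__main__":
    for direction in ("in", "out"):
        idx, rule = first_match(PARSED, direction, "fxp0")
        print(direction, "-> rule", idx, "min-ttl", rule["min_ttl"],
              "| shadowed:", shadowed_min_ttl(PARSED, direction, "fxp0"))
```

Under this model, inbound packets on fxp0 stop at the bare `scrub in all fragment reassemble` rule, so the later inbound `min-ttl 15` rule is shadowed.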