I spent the evening reworking my pf.conf file in order to get AltQ working. I successfully have that working, but somewhere along the line I broke PPTP and can no longer connect back to the office. I have compared my old and new pf.conf files but have not quite found the problem. I also ran a tcpdump on the connection but am honestly not sure what I'm looking for. Could I trouble someone to look over this pf.conf file and see if they can tell me why PPTP will not work?
    ################ Macros ###################################
    ### Interfaces ###
    ext_if ="fxp0"
    wire_if="fxp1"
    ### Global Variables ###
    ext_ip ="a.b.c.d"
    wire_network ="192.168.1.0/24"
    wire_gw ="192.168.1.1/32"
    ftp_server ="192.168.1.5"
    workstation ="192.168.1.100"

    ################ Tables ####################################
    table <blacklist> persist file "/etc/tables/blacklist"
    table <ftp-auth> persist file "/etc/tables/ftp-auth"
    table <sinokorea> const file "/etc/tables/sinokorea"
    table <ssh-bruteforce> persist
    table <voipservers> const file "/etc/tables/voipservers"

    ################ Options ##################################
    # Misc Options
    set require-order yes
    set block-policy drop
    set loginterface $ext_if
    set state-policy if-bound
    set fingerprints "/etc/pf.os"
    set ruleset-optimization none

    ################ Normalization #############################
    scrub on $ext_if all random-id reassemble tcp fragment reassemble

    ################ Queueing ##################################
    altq on $ext_if hfsc bandwidth 768Kb queue { ack, voip, stream, web, email, p2p, general }
    queue ack bandwidth 60% priority 7 qlimit 500 hfsc (realtime 50%)
    queue voip bandwidth 10% priority 6 qlimit 500 hfsc (realtime 10%)
    queue stream bandwidth 10% priority 5 qlimit 500 hfsc (realtime 10%)
    queue web bandwidth 10% priority 4 qlimit 500 hfsc
    queue email bandwidth 4% priority 3 qlimit 500 hfsc
    queue p2p bandwidth 1% priority 3 qlimit 500 hfsc (upperlimit 99%)
    queue general bandwidth 5% priority 2 qlimit 500 hfsc (realtime 5% default)

    ################ Translation ###############################
    no rdr on lo0 from any to any
    nat on egress from (self) to any tag EGRESS -> ($ext_if:0)
    nat on egress from $wire_if:network to any tag EGRESS -> ($ext_if:0)
    # DENY rogue redirections
    no rdr

    ################ Filtering #################################
    # Deny spoofed packets
    antispoof log quick for { lo0 $wire_if ($ext_if) }

    # Block to/from illegal sources/destinations
    block drop quick inet6
    block in log quick from no-route to any
    block in quick on $ext_if from <blacklist> to any
    block in quick on $ext_if from <sinokorea> to any
    block in quick on $ext_if from <ssh-bruteforce> to any
    block in quick on $ext_if from any to 255.255.255.255
    block return in quick on $wire_if from any to <blacklist>
    block return in quick on $wire_if from any to 224.0.0.1

    # BLOCK all in/out on all interfaces by default
    block log on $ext_if
    block return log on $wire_if

    # $ext_if inbound
    pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type 8 code 0 keep state
    pass in on $ext_if inet proto tcp from any to ($ext_if) port 21 flags S/SA keep state queue (general) tagged FTPPROXY
    pass in quick log on $ext_if inet proto tcp from any to $ext_if port ssh flags S/SA synproxy state (max 10, source-track rule, max-src-conn 10, max-src-nodes 5, max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)

    # $wire_if outbound
    pass out on $wire_if inet proto tcp from $wire_if to $wire_if:network flags S/SAFR modulate state
    pass out on $wire_if inet proto tcp to $ftp_server port 21 user proxy flags S/SA keep state
    pass out on $wire_if inet proto udp from $wire_if to $wire_if:network keep state
    pass out on $wire_if inet proto icmp from $wire_if to $wire_if:network icmp-type 8 code 0 keep state

    # $wire_if inbound
    pass in on $wire_if inet proto tcp from $wire_if:network to $wire_if flags S/SAFR modulate state
    pass in on $wire_if inet proto tcp from $wire_if:network to !$wire_if flags S/SAFR modulate state
    pass in on $wire_if inet proto udp from $wire_if:network to $wire_if keep state
    pass in on $wire_if inet proto udp from $wire_if:network to !$wire_if keep state
    pass in on $wire_if inet proto icmp from $wire_if:network to $wire_if icmp-type 8 code 0 keep state

    # $ext_if outbound
    pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SAFR modulate state queue (general, ack) tagged EGRESS
    pass out on $ext_if inet proto tcp from ($ext_if) to any port 25 flags S/SAFR modulate state queue (email) tagged EGRESS
    pass out on $ext_if inet proto tcp from ($ext_if) to any port 80 flags S/SAFR modulate state queue (web) tagged EGRESS
    pass out on $ext_if inet proto tcp from ($ext_if) to any port 110 flags S/SAFR modulate state queue (email) tagged EGRESS
    pass out on $ext_if inet proto tcp from ($ext_if) to any port 443 flags S/SAFR modulate state queue (web) tagged EGRESS
    pass out on $ext_if inet proto tcp from ($ext_if) to any port 8008 flags S/SAFR modulate state queue (stream) tagged EGRESS
    pass out on $ext_if inet proto udp from ($ext_if) to any queue (general) keep state tagged EGRESS
    pass out quick on $ext_if inet proto udp from ($ext_if) to <voipservers> tos 0xb8 queue (voip) keep state tagged EGRESS
    pass out on $ext_if inet proto icmp from ($ext_if) to any keep state queue (general) tagged EGRESS

    ################ END #######################################
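
Added example (not part of the original post): PPTP uses a TCP control connection on port 1723 plus GRE (IP protocol 47) for the tunnel data, and under the posted block-by-default policy any protocol without a matching pass rule is dropped. The Python check below reports which of those protocols the pass rules cover on each interface. RULES is a constructed subset of the posted rules with queue and tag options removed, PPTP_NEEDS and the function names are assumptions of this example, and the check ignores addresses, ports, tags and `quick`.

```python
import re

# Constructed subset of the posted ruleset: the default blocks and a
# representative pass rule per interface/direction/protocol.
RULES = """
block log on $ext_if
block return log on $wire_if
pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type 8 code 0 keep state
pass in on $wire_if inet proto tcp from $wire_if:network to !$wire_if flags S/SAFR modulate state
pass in on $wire_if inet proto udp from $wire_if:network to !$wire_if keep state
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SAFR modulate state
pass out on $ext_if inet proto udp from ($ext_if) to any keep state
pass out on $ext_if inet proto icmp from ($ext_if) to any keep state
"""

# Assumption of this example: what an outbound PPTP client behind the
# firewall needs, i.e. TCP (port 1723 control channel) and GRE (tunnel).
PPTP_NEEDS = [("in", "$wire_if", "tcp"), ("in", "$wire_if", "gre"),
              ("out", "$ext_if", "tcp"), ("out", "$ext_if", "gre")]

PASS_RE = re.compile(
    r"^pass\s+(in|out)\b.*?\bon\s+(\S+)(?:.*?\bproto\s+(\{[^}]*\}|\S+))?")

def passed_protocols(ruleset):
    """Map (direction, interface) -> protocols that some pass rule allows.
    A pass rule without a 'proto' keyword matches every protocol ('any')."""
    allowed = {}
    for line in ruleset.splitlines():
        m = PASS_RE.match(line.split("#", 1)[0].strip())
        if not m:
            continue
        direction, iface, proto = m.groups()
        protos = re.findall(r"[\w-]+", proto) if proto else ["any"]
        allowed.setdefault((direction, iface), set()).update(protos)
    return allowed

def missing_for_pptp(ruleset):
    """Return the PPTP requirements that no pass rule covers."""
    allowed = passed_protocols(ruleset)
    return [(d, i, p) for d, i, p in PPTP_NEEDS
            if not {p, "any"} & allowed.get((d, i), set())]

if __name__ == "__main__":
    for direction, iface, proto in missing_for_pptp(RULES):
        print(f"no 'pass {direction} on {iface} ... proto {proto}' rule: "
              "falls through to the default block")
```

Because the default block rule on $ext_if carries `log`, packets dropped this way are also recorded on the pflog interface, which is where a capture filtered on `proto gre` would show them.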