Hello, I have some trouble with PF blocks.

I have two networks connected with a VPN between an OpenBSD 4.4 and a FreeBSD 6.4 firewall. So, I can connect to a remote host from my computer behind the OpenBSD firewall, through the VPN, with SSH. But a few seconds after, the following blocks appear in my pf log on the OpenBSD firewall:

    # tcpdump -vvveni pflog0
    tcpdump: listening on pflog0, link-type PFLOG
    03:35:48.937334 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10] (ttl 63, id 32188, len 100)
    03:35:49.108254 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10] (ttl 63, id 58480, len 100)
    03:35:49.178617 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10] (ttl 63, id 32629, len 148)
    03:35:49.267735 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10] (ttl 63, id 16761, len 100)

Yet, in my PF configuration, I set a rule which allows this traffic:

    pass log quick on nfe0 from 10.11.0.0/16 to any flags S/SA keep state (if-bound)

These are the options in my pf.conf file:

    scrub in all no-df random-id fragment reassemble
    scrub on nfe0 all reassemble tcp fragment reassemble

I have another similar problem. I'm trying to connect to a web server behind the OpenBSD firewall from a computer behind the FreeBSD firewall. I have this block in my PF log:

    # tcpdump -vvveni pflog0
    tcpdump: listening on pflog0, link-type PFLOG
    03:36:03.309939 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.10.1.39.80 > 192.168.1.150.56417: [|tcp] (ttl 127, id 35287, len 48)
    03:36:06.002860 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.10.1.39.80 > 192.168.1.150.56417: [|tcp] (ttl 127, id 50439, len 48)

This is a rule set in my pf.conf file:

    pass log quick on nfe0 inet from 10.10.1.39 to 192.168.1.0/24 flags S/SA keep state (if-bound)

Does somebody have an idea to help me? Thank you.
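Added triage example for the block logs quoted above (this is not code from the original post or from the OpenBSD project). It parses the text that `tcpdump -vvveni pflog0` prints, groups the blocked packets by interface, direction and TCP port pair, and applies one piece of pf reasoning: once a `keep state` rule has accepted the SYN, the later packets of that flow are matched against the state table and never reach the ruleset, so several blocks on the same port pair a few seconds apart mean pf found no state for that connection on that interface, not that the pass rule fails to match. The sample input is the poster's own log lines re-assembled one packet per line; the "lower port is the service port" heuristic and the 30-second window are assumptions of this example.

```python
"""Group pf block-log lines into TCP connections for triage (added example)."""
import re
import sys
from collections import defaultdict

# Constructed sample: the tcpdump banner plus the six blocked packets
# quoted in the post, one packet per line.
SAMPLE_LOG = """\
# tcpdump -vvveni pflog0
tcpdump: listening on pflog0, link-type PFLOG
03:35:48.937334 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10] (ttl 63, id 32188, len 100)
03:35:49.108254 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10] (ttl 63, id 58480, len 100)
03:35:49.178617 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10] (ttl 63, id 32629, len 148)
03:35:49.267735 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10] (ttl 63, id 16761, len 100)
03:36:03.309939 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.10.1.39.80 > 192.168.1.150.56417: [|tcp] (ttl 127, id 35287, len 48)
03:36:06.002860 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.10.1.39.80 > 192.168.1.150.56417: [|tcp] (ttl 127, id 50439, len 48)
"""

# One pflog line as tcpdump -vvvne prints it: timestamp, matched rule,
# optional "[uid, pid]" of the rule, action, direction, interface, then
# "src.port > dst.port:", the TCP detail, and the IP trailer.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) rule (?P<rule>\d+)/\(match\) "
    r"(?:\[uid \d+, pid \d+\] )?"
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<tcp>.*?)\(ttl (?P<ttl>\d+), id (?P<id>\d+), len (?P<len>\d+)\)$"
)


def parse_pflog(text):
    """Return one dict per packet line; banner and unparseable lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        for field in ("rule", "sport", "dport", "ttl", "id", "len"):
            rec[field] = int(rec[field])
        rec["tcp"] = rec["tcp"].strip()
        records.append(rec)
    return records


def seconds(ts):
    """Convert an HH:MM:SS.frac timestamp to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def group_blocks(records):
    """Bucket blocked packets by interface, direction and TCP 4-tuple."""
    flows = defaultdict(list)
    for r in records:
        if r["action"] == "block":
            flows[(r["iface"], r["dir"], r["src"], r["sport"], r["dst"], r["dport"])].append(r)
    return flows


def classify(flows):
    """Summarise each connection and flag the ones that look like missing state."""
    summary = {}
    for key, pkts in flows.items():
        iface, direction, src, sport, dst, dport = key
        span = seconds(pkts[-1]["ts"]) - seconds(pkts[0]["ts"])
        summary[key] = {
            "packets": len(pkts),
            "span_s": round(span, 3),
            "rules": sorted({p["rule"] for p in pkts}),
            # Heuristic (assumption): the lower port number is the service
            # port, so a low source port means replies from the server side.
            "side": "server->client" if sport < dport else "client->server",
            # Two or more blocks on one port pair inside a short window: the
            # connection already exists, so pf is consulting the ruleset only
            # because no state matched on this interface and direction.
            "state_problem": len(pkts) >= 2 and span < 30,
            # "[|tcp]" is tcpdump saying the TCP header was cut by the snaplen.
            "flags_visible": not pkts[0]["tcp"].startswith("[|tcp]"),
        }
    return summary


def triage(text):
    return classify(group_blocks(parse_pflog(text)))


if __name__ == "__main__":
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for (iface, direction, src, sport, dst, dport), info in triage(text).items():
        print(f"{direction} on {iface}: {src}:{sport} -> {dst}:{dport}")
        print(f"  {info['packets']} blocked by rule(s) {info['rules']} over {info['span_s']}s,"
              f" {info['side']}, state problem: {info['state_problem']}")
        if not info["flags_visible"]:
            print("  TCP header truncated ([|tcp]); use a larger tcpdump -s snaplen to see flags")
```

Run it with no input to see the sample analysed, or pipe `tcpdump -vvveni pflog0` output into it. For the sample, both connections come out as "state problem": four blocks on the client's ephemeral port 65024 toward 192.168.1.150:22, and two blocks on the web server's replies from port 80 to 192.168.1.150:56417, all landing on the default block rule on nfe0 even though the handshake had already passed. The `[|tcp]` marker also tells you the capture cut the TCP header off, so the flags that would confirm these are mid-stream segments are not visible at the default snaplen.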