On 19 Dec 2005 21:41:02 -0800, Jonathan Rogers <[EMAIL PROTECTED]> wrote: > In any case, refer back to the original posting - the blocked packet > from the tcpdump shown is clearly of a TCP packet (it would say "UDP" > at the end otherwise).
It doesn't say S(YN), and I don't know what label does. You haven't provided enough information. Include pfctl -s all, ifconfig -a, netstat -nr, capture with a long enough snaplen, decoded with -v -v, and then maybe I can help. I also assume dmz_if=xl2, but you haven't shown that here either. This is like trying to identify a forest with one look through a microscope. What you show looks okay, but context matters. Trying to guess what might have gone wrong elsewhere is a game I don't have patience to play. -- http://www.lightconsulting.com/~travis/ "You are free... to do as we tell you!" -><- GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
