Re: Trouble getting IP Phone to work

2007-05-16 Thread Volker
On 12/23/-58 20:59, Henry wrote: > I'm running PF. > - I have an IP Phone here that uses the 3com NBX phone system. > - Residential cable broadband connection with dynamic IP. > > When I use binat, the phone works 100%. > > When I use NAT with redirects to forward, the phone works partially. > So

Packet Path Through PF (onec for each interface?)

2007-05-16 Thread Tom Judge
Hi, I have a question about the number of times a packet passes through pf on a router. Take the following simple configuration 172.31.0.1/24:em0-[FreeBSD Router]-em1:172.31.1.1/24 Does a packet being routed from em0 to em1 pass through PF twice? Would the following example work to only pas

Re: Packet Path Through PF (onec for each interface?)

2007-05-16 Thread David DeSimone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom Judge <[EMAIL PROTECTED]> wrote: > > I have a question about the number of times a packet passes through pf > on a router. The PF subsystem always examines every packet that passes in or out an interface. For a forwarded packet that means it wil

RE: Packet Path Through PF (onec for each interface?)

2007-05-16 Thread Greg Hennessy
> > Does a packet being routed from em0 to em1 pass through PF twice? > PF does both ingress and egress filtering, this explains it far better than I could. http://homepage.mac.com/quension/pf/flow.png > > pass in quick on em0 proto tcp from 172.31.0.0/24 to 172.31.1.0/24 port > 22 keep st

Re: Packet Path Through PF (onec for each interface?)

2007-05-16 Thread Tom Judge
David DeSimone wrote: Tom Judge <[EMAIL PROTECTED]> wrote: I have a question about the number of times a packet passes through pf on a router. The PF subsystem always examines every packet that passes in or out an interface. For a forwarded packet that means it will be examined twice. Howeve

Re: Packet Path Through PF (onec for each interface?)

2007-05-16 Thread David DeSimone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom Judge <[EMAIL PROTECTED]> wrote: > > According to the diagram that Greg sent a link to state is checked for > every interface. However is the state information tied to an > interface? The answer is determined by the state-policy. In your configu

Re: Packet Path Through PF (onec for each interface?)

2007-05-16 Thread Tom Judge
David DeSimone wrote: Tom Judge <[EMAIL PROTECTED]> wrote: According to the diagram that Greg sent a link to state is checked for every interface. However is the state information tied to an interface? The answer is determined by the state-policy. In your configuration you can set state-poli

Re: Packet Path Through PF (onec for each interface?)

2007-05-16 Thread Kian Mohageri
On 5/16/07, Tom Judge <[EMAIL PROTECTED]> wrote: em0 and bge0 em2 and bce0 em3 and bce1 Do all the interface names have to match on the HA pair? Yes they do - but that is only if you use an if-bound state-policy, which isn't default. Keep in mind also that states also have a direction associa