On Mon, 2005-10-31 at 16:27 -0500, Scott Ullrich wrote: > Well for one your setting the _SAME_ ip on two interfaces, your wan > and LAN. Don't do this! Use a different IP or use a "fake" ip on > the LAN such as 192.168.1.1.
Scott, I guess we're back to the reason why I set it this way :) The fake IP address results in a lot of rules generated which should apply to LAN but actually do not work because LAN is set to the IP which no one uses. For example LAN lockout rule is created very wrong. I tried with empty LAN address and this one and both of them normally work. I tested benchmark in both configurations and there is the same effect. > > Scott > > On 10/31/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > > I still don't have any idea what your trying to do. Send me your > > config.xml off-list. > > > > Scott > > > > > > On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote: > > > On Mon, 2005-10-31 at 15:33 -0500, Scott Ullrich wrote: > > > > So what your saying is after "disabling" the firewall and rebooting pf > > > > is still enabled? > > > > > > No. That is what is the mystery. The firewall is disabled after I > > > reboot. pf is not running but I can't connect to the firewall host > > > (both SSH and HTTPS). I can connect the boxes which are behind > > > firewall but not firewall host itself. > > > > > > It seems somehow related to the same IP on LAN and WAN interfaces > > > according to my previous tests. > > > > > > > > > > > On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote: > > > > > On Mon, 2005-10-31 at 15:12 -0500, Scott Ullrich wrote: > > > > > > pfctl runs pfctl -f /tmp/rules.debug. What happens if you run this? > > > > > > > > > > There is no "rules.debug" if you have disabled firewall in advanced > > > > > setting and rebooted. > > > > > > > > > > That was my first surprise :) > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
