> 
> On Jan 4, 2012, at 12:03 AM, Ermal Luçi wrote:
> 
>> Can you see if on the enc(4) interface pf(4) sees both sides of the traffic?
> 
> I can on enc0. Doing a tcpdump(1) shows me traffic traveling both ways. 
> Should there be a pf(4) interface for me to listen on? I've listened on 
> pflog(4), and only seen traffic going one way, even when I have relevant 
> rules set to "log(all)"
> 

I had this problem when trying to firewall/NAT traffic from MPD - it appeared 
that MPD inserts the packets directly into the middle of the packet flow, 
without triggering any inbound processing by PF.

IPsec does this correctly if you have set the sysctls as per the man page on 
enc, as do PopTop and ppp (which was my solution to the MPD issue).

It didn't matter what firewall rules were configured, and this behaviour was 
present in the 7 branch as well as 8.

Mel