Greg Hennessy wrote:
I actually need to see how a packet that the IPSEC code generates is
passed through PF (what rules it is (not) matching, etc.). At the moment
it seems that it is either a) not passing through pf at all, or b) for
some reason not matching the source routing rule.
Is there any way to see this, possibly by setting debugging to loud
(pfctl -x loud)?
Are you filtering on the loopback by any chance? Or have you set skip on lo0?
Greg
I have the following rules on lo0:
pass in quick on lo0 inet from 127.0.0.1 to 127.0.0.1 label "RULE 2 -- ACCEPT "
pass out quick on lo0 inet from 127.0.0.1 to 127.0.0.1 label "RULE 2 -- ACCEPT "
However the ESP packet generated by the IPSEC code still makes it out
onto the network but fails to hit the source route rules:
pass out quick on bge1 route-to ( bge1 xxx.xxx.xxx.161 ) inet from xxx.xxx.xxx.169 to ! xxx.xxx.xxx.160/27 keep state label "RULE 18 -- "
pass out quick on bge1 route-to ( bge1 yyy.yyy.yyy.65 ) inet from yyy.yyy.yyy.79 to ! yyy.yyy.yyy.64/27 keep state label "RULE 19 -- "
Tom
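One way to answer the question in this thread (which rules the ESP packet is or is not hitting) that does not depend on a debug level: take a `pfctl -vvsr` snapshot before and after sending a single packet and diff the per-rule counters. pf keeps an Evaluations counter (how often the rule was considered) and a Packets counter (how often it actually matched) for every rule, so a rule whose Evaluations moved but whose Packets did not was checked and rejected, and a rule whose counters did not move at all was never consulted for that packet. The script below is an added example, not code from either poster; the two snapshots are constructed, and the layout it parses (an `@N` rule line followed by an indented `[ Evaluations: ... Packets: ... Bytes: ... States: ... ]` line) is an assumption about the `pfctl -vvsr` output format that should be checked against the local pfctl.

```python
"""Diff two `pfctl -vvsr` snapshots to see which pf rules a test packet touched.

Added example for this thread; the snapshots are constructed and the output
layout assumed here (rule line `@N ...`, then a counter line) is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

RULE_RE = re.compile(r"^@(\d+)\s+(.*)$")
COUNTER_RE = re.compile(
    r"Evaluations:\s*(\d+)\s+Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s+States:\s*(\d+)"
)


@dataclass
class RuleCounters:
    number: int       # rule index as printed by pfctl (@N)
    text: str         # the rule itself, for reporting
    evaluations: int  # times pf considered this rule
    packets: int      # packets that matched this rule


def parse_pfctl_vvsr(output: str) -> Dict[int, RuleCounters]:
    """Map rule number -> counters from `pfctl -vvsr` text (assumed layout)."""
    rules: Dict[int, RuleCounters] = {}
    current = None
    for line in output.splitlines():
        m = RULE_RE.match(line)
        if m:
            # A new rule header; its counter line follows.
            current = (int(m.group(1)), m.group(2).strip())
            continue
        m = COUNTER_RE.search(line)
        if m and current is not None:
            num, text = current
            rules[num] = RuleCounters(num, text, int(m.group(1)), int(m.group(2)))
            current = None  # ignore the trailing "[ Inserted: ... ]" line
    return rules


def classify(before: Dict[int, RuleCounters],
             after: Dict[int, RuleCounters]) -> Dict[int, str]:
    """Label each rule for the interval between the two snapshots:
    'matched'   - Packets counter moved (the rule passed/blocked the packet)
    'evaluated' - only Evaluations moved (rule was checked but did not match)
    'untouched' - no counter moved (pf never consulted the rule for it)
    """
    result: Dict[int, str] = {}
    for num, b in sorted(before.items()):
        a = after.get(num)
        if a is None:
            continue  # ruleset was reloaded between snapshots; skip
        if a.packets > b.packets:
            result[num] = "matched"
        elif a.evaluations > b.evaluations:
            result[num] = "evaluated"
        else:
            result[num] = "untouched"
    return result


def report(before: Dict[int, RuleCounters],
           after: Dict[int, RuleCounters]) -> List[Tuple[int, str, str]]:
    """(rule number, verdict, rule text) for every rule, ready to print."""
    verdicts = classify(before, after)
    return [(n, verdicts[n], after[n].text) for n in sorted(verdicts)]


# Constructed snapshots: the thread's four rules, before and after one ESP
# packet was sent. In the "after" snapshot RULE 18 and RULE 19 were each
# evaluated once but matched nothing; the lo0 rules were not consulted.
SNAPSHOT_BEFORE = """\
@0 pass in quick on lo0 inet from 127.0.0.1 to 127.0.0.1 label "RULE 2 -- ACCEPT "
  [ Evaluations: 10        Packets: 4         Bytes: 400         States: 0     ]
  [ Inserted: uid 0 pid 500 State Creations: 0     ]
@1 pass out quick on lo0 inet from 127.0.0.1 to 127.0.0.1 label "RULE 2 -- ACCEPT "
  [ Evaluations: 10        Packets: 4         Bytes: 400         States: 0     ]
  [ Inserted: uid 0 pid 500 State Creations: 0     ]
@2 pass out quick on bge1 route-to (bge1 xxx.xxx.xxx.161) inet from xxx.xxx.xxx.169 to ! xxx.xxx.xxx.160/27 keep state label "RULE 18 -- "
  [ Evaluations: 200       Packets: 150       Bytes: 90000       States: 3     ]
  [ Inserted: uid 0 pid 500 State Creations: 12    ]
@3 pass out quick on bge1 route-to (bge1 yyy.yyy.yyy.65) inet from yyy.yyy.yyy.79 to ! yyy.yyy.yyy.64/27 keep state label "RULE 19 -- "
  [ Evaluations: 50        Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 500 State Creations: 0     ]
"""

SNAPSHOT_AFTER = SNAPSHOT_BEFORE.replace(
    "Evaluations: 200       Packets: 150", "Evaluations: 201       Packets: 150"
).replace(
    "Evaluations: 50        Packets: 0  ", "Evaluations: 51        Packets: 0  "
)

if __name__ == "__main__":
    before = parse_pfctl_vvsr(SNAPSHOT_BEFORE)
    after = parse_pfctl_vvsr(SNAPSHOT_AFTER)
    for num, verdict, text in report(before, after):
        print(f"@{num:<3} {verdict:<10} {text}")
```

On a live box the two snapshots come from `pfctl -vvsr` run immediately before and after triggering one IPSEC packet (ideally with no other traffic on the interface). A verdict of "evaluated" on RULE 18 and RULE 19 means the ESP packet did reach pf on bge1 but failed the rule's address test; "untouched" on every bge1 rule means pf never saw it on that interface at all, which is the distinction the question asks about. Adding `log` to the route-to rules and watching `tcpdump -n -e -ttt -i pflog0` is the complementary per-packet view, but the counter diff works without changing the ruleset.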
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"