What am I missing here?
The rules look right, why am I getting blocked?

# pfctl -sr
block drop in log all
pass out from (fxp0) to any flags S/SA keep state
pass in inet from 10.10.77.0/24 to any flags S/SA keep state
# pfctl -sn
nat on fxp0 inet from 10.10.77.0/24 to any -> (fxp0:0)
rdr pass log on fxp0 inet proto tcp from any to any port = 26167 -> 10.10.77.5

/dev/pflog0
18:17:39.885515 rule 0/(match) rdr in on fxp0: 72.20.4.102.32984 > 10.10.77.5.26167: [|tcp] (DF)
18:17:39.885923 rule 0/(match) block in on fxp1: 10.10.77.5.26167 > 72.20.4.102.32984: [|tcp] (DF)
18:17:42.889960 rule 0/(match) block in on fxp1: 10.10.77.5.26167 > 72.20.4.102.32984: [|tcp] (DF)
18:17:42.941945 rule 0/(match) block in on fxp1: 10.10.77.5.26167 > 72.20.4.102.32984: [|tcp] (DF)
18:17:48.958046 rule 0/(match) block in on fxp1: 10.10.77.5.26167 > 72.20.4.102.32984: [|tcp] (DF)


/dev/fxp0
18:17:39.885437 72.20.4.102.32984 > 64.4.120.163.26167: S 3819692155:3819692155(0) win 5840 <mss 1460,sackOK,timestamp 3766403953 0,nop,wscale 8> (DF)
18:17:42.889613 72.20.4.102.32984 > 64.4.120.163.26167: S 3819692155:3819692155(0) win 5840 <mss 1460,sackOK,timestamp 3766404703 0,nop,wscale 8> (DF)


/dev/fxp1
18:17:39.885639 72.20.4.102.32984 > 10.10.77.5.26167: S 3819692155:3819692155(0) win 5840 <mss 1460,sackOK,timestamp 3766403953 0,nop,wscale 8> (DF)
18:17:39.885857 10.10.77.5.26167 > 72.20.4.102.32984: S 3081111464:3081111464(0) ack 3819692156 win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> (DF)
18:17:42.889747 72.20.4.102.32984 > 10.10.77.5.26167: S 3819692155:3819692155(0) win 5840 <mss 1460,sackOK,timestamp 3766404703 0,nop,wscale 8> (DF)
18:17:42.889900 10.10.77.5.26167 > 72.20.4.102.32984: . ack 3819692156 win 65535 <nop,nop,timestamp 29736 3766403953> (DF)
18:17:42.941873 10.10.77.5.26167 > 72.20.4.102.32984: S 3081111464:3081111464(0) ack 3819692156 win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> (DF)
18:17:48.957970 10.10.77.5.26167 > 72.20.4.102.32984: S 3081111464:3081111464(0) ack 3819692156 win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> (DF)
