Hello, World! I've found my bug by myself. So for those interested, have a look below.
Antoine Junod <[EMAIL PROTECTED]> writes:

[...]
> I'm facing what I think is a problem in my pf.conf rules set. Here is
> my setup:
>
> I've a private network, 192.168.1.0/24, with 192.168.1.1 being the
> default gateway. It runs OpenBSD and pf. Another box on the network,
> 192.168.1.4, is a gateway to the 10.82.6.0/24 network.
>
> On 192.168.1.1, I've a static route for the 10.82.6.0/24 as follows:
>
> 10.82/24 192.168.1.4 UGS 0 251 - sis2
>
> On 192.168.1.1, I've got the following pf rule (the whole rule set is
> in [PF] below):
>
> pass to 10.82.6.0/24
>
> Pinging 10.82.6.6 from 192.168.1.130 is okay (I get some ICMP redirect
> but that's fine). Pinging 192.168.1.130 from 10.82.6.6 is also okay.
>
> But when I'm trying to ssh from 10.82.6.6 to 192.168.1.130 it
> fails.

[...]

The point was that the pf on 192.168.1.1 was dropping the connection
because the initial TCP packet tagged with the SYN flag was not going
through it, but rather directly to 192.168.130. It was seeing only the
packet with the SYN/ACK flag. And we can read in pf.conf(5) that the
default is flags S/SA. Which explains everything :)

Thus, changing

    pass to 10.82.6.0/24

to

    pass to 10.82.6.0/24 flags any

solved my problem.

So, sorry for the noise and I hope it will help others.

-AJ
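
The asymmetric path described in the message above, as an added example that is not part of the original post: a small Python model of how a pf `flags <set>/<mask>` test treats the only handshake packet that 192.168.1.1 forwards. The helper names are hypothetical, the handshake is constructed, and since the full rule set ([PF]) is not shown, the model assumes unmatched packets are blocked.

```python
import ipaddress

# TCP flag letters as used by pf.conf(5) in "flags <set>/<mask>".
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}
LAN = ipaddress.ip_network("192.168.1.0/24")
REMOTE = ipaddress.ip_network("10.82.6.0/24")

# Constructed three-way handshake for ssh from 10.82.6.6 to 192.168.1.130.
HANDSHAKE = [("10.82.6.6", "192.168.1.130", "S"),
             ("192.168.1.130", "10.82.6.6", "SA"),
             ("10.82.6.6", "192.168.1.130", "A")]

def bits(letters):
    value = 0
    for ch in letters:
        value |= FLAG_BITS[ch]
    return value

def flags_match(spec, pkt_flags):
    """True if the packet's flags satisfy a pf flags spec ('S/SA' or 'any')."""
    if spec == "any":
        return True
    want, mask = spec.split("/")
    # Of the flags named in the mask, exactly the wanted ones must be set.
    return (bits(pkt_flags) & bits(mask)) == bits(want)

def crosses_gateway(src, dst):
    # LAN hosts send replies for 10.82.6.0/24 to their default gateway
    # 192.168.1.1; 192.168.1.4 delivers inbound packets to LAN hosts
    # directly, so 192.168.1.1 never forwards those.
    return (ipaddress.ip_address(src) in LAN
            and ipaddress.ip_address(dst) in REMOTE)

def gateway_verdicts(spec):
    """Verdicts of 'pass to 10.82.6.0/24 flags <spec>' on 192.168.1.1."""
    state, out = False, []
    for src, dst, fl in HANDSHAKE:
        if not crosses_gateway(src, dst):
            continue
        if state or flags_match(spec, fl):
            state = True                # matching packet creates the state
            out.append((fl, "pass"))
        else:
            out.append((fl, "block"))   # assumption: default action is block
    return out

if __name__ == "__main__":
    for spec in ("S/SA", "any"):
        print(spec, gateway_verdicts(spec))
```

pf.conf(5) notes that a state created from an intermediate packet, as `flags any` allows here, may be missing connection details such as the TCP window scaling factor.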