Dug,

Not really enough info here to determine what is going on, but to be sure, try this:

pfctl -vvs rules

This will show you the order of your rules, and whatever rule is listed as "1" is what is blocking this packet. If it is the rule you are talking about here, then it's too hard to tell with this info. Do you have access to the other box's log? That may be helpful, but this should at least make sure you are troubleshooting the correct rule.

Hope this helps.

Jim

On Tue, Jan 6, 2009 at 6:38 PM, dug <d...@xgs-france.com> wrote:
> Hello,
>
> I have some troubles with PF blocks.
>
> I have two networks connected with a VPN between an
> OpenBSD 4.4 and a FreeBSD 6.4 firewall.
> So, I can connect to a remote host, from my computer behind the
> OpenBSD firewall, through the VPN with SSH.
> But a few seconds after, the following block appears in my pf log
> on the OpenBSD firewall:
>
> # tcpdump -vvveni pflog0
> tcpdump: listening on pflog0, link-type PFLOG
>
> 03:35:48.937334 rule 1/(match) [uid 0, pid 14289] block in on nfe0:
> 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10]
> (ttl 63, id 32188, len 100)
>
> 03:35:49.108254 rule 1/(match) [uid 0, pid 14289] block in on nfe0:
> 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10]
> (ttl 63, id 58480, len 100)
>
> 03:35:49.178617 rule 1/(match) [uid 0, pid 14289] block in on nfe0:
> 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10]
> (ttl 63, id 32629, len 148)
>
> 03:35:49.267735 rule 1/(match) [uid 0, pid 14289] block in on nfe0:
> 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10]
> (ttl 63, id 16761, len 100)
>
> Yet, in my PF configuration, I set a rule which allows this traffic:
> pass log quick on nfe0 from 10.11.0.0/16 to any flags S/SA keep state
> (if-bound)
>
> These are the options in my pf.conf file:
> scrub in all no-df random-id fragment reassemble
> scrub on nfe0 all reassemble tcp fragment reassemble
>
> I have another similar problem.
> I'm trying to connect to a web server behind the OpenBSD firewall from a
> computer behind the FreeBSD firewall.
> I have this block in my PF log:
>
> # tcpdump -vvveni pflog0
> tcpdump: listening on pflog0, link-type PFLOG
>
> 03:36:03.309939 rule 1/(match) [uid 0, pid 14289] block in on nfe0:
> 10.10.1.39.80 > 192.168.1.150.56417: [|tcp] (ttl 127, id 35287, len 48)
>
> 03:36:06.002860 rule 1/(match) [uid 0, pid 14289] block in on nfe0:
> 10.10.1.39.80 > 192.168.1.150.56417: [|tcp] (ttl 127, id 50439, len 48)
>
>
> This is a rule set in my pf.conf file:
>
> pass log quick on nfe0 inet from 10.10.1.39 to 192.168.1.0/24 flags S/SA
> keep state (if-bound)
>
>
>
> Does somebody have an idea to help me?
>
> Thank you.
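Before running Jim's pfctl -vvs rules, it helps to condense a busy pflog into one line per blocked flow so you know which rule number and which endpoints to look for. The script below is an added example, not part of the thread; the sample lines are constructed from the tcpdump output quoted above, and the awk field layout assumes the "rule N/(match) ... action dir on iface: src > dst:" format shown there.

```shell
#!/bin/sh
# Constructed sample input, copied from the pflog lines quoted in the thread.
PFLOG_SAMPLE='03:35:48.937334 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10] (ttl 63, id 32188, len 100)
03:35:49.108254 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.11.1.100.65024 > 192.168.1.150.22: [|tcp] [tos 0x10] (ttl 63, id 58480, len 100)
03:36:03.309939 rule 1/(match) [uid 0, pid 14289] block in on nfe0: 10.10.1.39.80 > 192.168.1.150.56417: [|tcp] (ttl 127, id 35287, len 48)'

# summarize_pflog: read "tcpdump -vvveni pflog0" lines on stdin and print
# "<hits> <rule> <action> <dir> <iface> <src> <dst>", busiest flow first.
# The rule number is what to match against the "@N" prefix in
# "pfctl -vvs rules" output.
summarize_pflog() {
    awk '
    /rule [0-9]+\/\(match\)/ {
        rule = $0
        sub(/.*rule /, "", rule); sub(/\/.*/, "", rule)
        # "block in on nfe0:" -> action, direction, interface
        if (!match($0, /(block|pass) (in|out) on [^:]+:/)) next
        hdr = substr($0, RSTART, RLENGTH); sub(/:$/, "", hdr)
        split(hdr, h, " ")            # h[1]=action h[2]=dir h[4]=iface
        # "src.port > dst.port:" follows the interface
        rest = substr($0, RSTART + RLENGTH + 1)
        split(rest, ep, " ")          # ep[1]=src ep[2]=">" ep[3]=dst:
        sub(/:$/, "", ep[3])
        key = rule " " h[1] " " h[2] " " h[4] " " ep[1] " " ep[3]
        n[key]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$PFLOG_SAMPLE" | summarize_pflog
```

For a live box, replace the sample with `tcpdump -n -e -ttt -r /var/log/pflog | summarize_pflog` and then look up each reported rule number in `pfctl -vvs rules`.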