ckets hit
> to my ext_if , but nothing appear in lan_if.
>
are packets blocked?
tcpdump -nettti pflog0 | grep block
--
Zeus V. Panchenko
JID:z...@gnu.org.ua GMT+2 (EET)
___
freebsd-pf@freebsd.o
et enters ipsec box wan ... though when attempt was made via wifi
the packet was appearing indeed ...
so, i believe either my cell operator filtering out ipsec traffic or
android ipsec is lame ... in any case cyanogenmod+openvpn is better
alternative
--
Zeus V. Panchenko
JID:z...@g
Hi,
may somebody clarify, pls:
can pf do `nat before vpn' to make it is possible for LAN to access
networks behind the Cisco ipsec over single ipsec tunnel ip?
i talk about RELENG_8
--
Zeus V. Panchenko
JID:z...@gnu.org.ua GMT+2
id and several seconds of successfull ping ...
looks like rekeying to my mind
--
Zeus V. Panchenko
JID:z...@gnu.org.ua GMT+2 (EET)
___
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo
Da Rock (freebsd...@herveybayaustralia.com.au) [11.05.23 08:23] wrote:
> Ok. So I've tried wifi hotspots and the mobile network- all no go.
> Racoon's obviously not the problem or L2TP; its definitely PF.
does your configuration work without pf?
--
Zeus V. Panchenko
JID
i was not able to figure it out too ...
ipsec esteblishes connection, android receives ip address, even can
ping for a short time and after that it breaks
no idea what's wrong ...
--
Zeus V. Panchenko GMT+2
but the queue directed traffic
is defined by the outgoing from lan request ...
still a bit weird for me ...
> So, take the initial packet of that connection (the HTTP connection from
> client to proxy, incoming on the LAN interface)
it is the key i was lacking
thnx again
--
Zeus V
port = http to 172.12.10.12
flags S/SA keep state (if-bound) queue lan_http
?
why can not i catch $if_int (ale0) outgoing (to lan, from pf) http traffic to
the queue lan_http ?
thank you much for taking time to read all this and reply.
--
Zeus V. Panchenko
IT Dpt., IBS ltd
Daniel Hartmeier (dan...@benzedrine.cx) [11.04.11 11:57] wrote:
> On Mon, Apr 11, 2011 at 11:06:48AM +0300, Zeus V Panchenko wrote:
>
> > pass out log (all) on $if_wan inet proto { tcp, udp } from $if_wan:0 \
> > to any port { $ports_proxy } keep state queue wan_http
>
Thank you Daniel for reply,
Daniel Hartmeier (dan...@benzedrine.cx) [11.04.11 09:18] wrote:
> On Mon, Apr 11, 2011 at 08:45:44AM +0300, Zeus V Panchenko wrote:
> It seems you want log(all), but are only using log, see pf.conf(5):
it didn't help ...
pftop output still shows no lan_ht
an_http
pass out log on $if_lan inet proto { tcp, udp } from any port { $ports_proxy } \
to $if_lan:0 queue lan_http
pass out log on $if_lan inet proto { tcp, udp } from any port { $ports_smb } \
to $if_lan:network queue lan_smb
pass out log on $if_vpn inet proto { tcp, udp
Hi All,
is there any special mode for emacs to edit pf.conf (except conf-mode itself :)
of course), please?
--
Zeus V. Panchenko
IT Dpt., IBS ltdGMT+2 (EET)
___
freebsd-pf@freebsd.org mailing list
http
12 matches
Mail list logo
