Comments inline...
2009/7/14 Aleksic Predrag :
> On Tue, 14 Jul 2009 01:22:06 +0100
> Peter Maxwell wrote:
>
> > Can you post the output of: pfctl -s r
>
> # pfctl -sr
> scrub in all random-id fragment reassemble
> block drop log (all) all
> block drop in on sk0 inet proto icmp all icmp-type ec
On Tue, 14 Jul 2009 01:22:06 +0100
Peter Maxwell wrote:
> Can you post the output of: pfctl -s r
# pfctl -sr
scrub in all random-id fragment reassemble
block drop log (all) all
block drop in on sk0 inet proto icmp all icmp-type echoreq
block drop out log (all) quick on sk0 from any to
block dr
Hi Aleksic,
On a cursory glance, your pf.conf looks ok. The tcpdump you supplied
is showing both incoming and outgoing packets being blocked which is
weird - why would there be a return packet if the initial SYN didn't
get through?
Can you post the output of: pfctl -s r
What happens if you try
Hello Aleksic:
>
> no nat on $extIF inet proto {tcp, udp} from $intIF:network to
> $intIF2:network
> no nat on $extIF inet proto {tcp, udp} from $intIF2:network to
> $intIF:network
>
If nothing else, these rules won't match because the traffic isn't
traversing the External Interface.
no nat on $