Date: Tue, 2 Feb 2010 04:51:04 -0500
From: Vadym Chepkov <vchepkov@gmail.com>
To: dug <dug@xgs-france.com>
Cc: freebsd-pf@FreeBSD.org
Subject: Re: pf and enc0
Message-ID: <3EFB5293-0CCA-41F7-B5DF-B309197EC343@gmail.com>
In-Reply-To: <1FDF0CD4-43E2-449D-9B19-648E8A3EFC8B@xgs-france.com>
References: <AF293434-875D-47DD-B78D-75972CD27835@gmail.com> <1FDF0CD4-43E2-449D-9B19-648E8A3EFC8B@xgs-france.com>

But I don't "block" it, I thought default is to "pass"?

On Feb 2, 2010, at 4:48 AM, dug wrote:

> Hello,
>
> You have to allow this traffic on your enc0 interface.
> It's not a bug.
>
>
> On 2 Feb 2010, at 10:22, Vadym Chepkov wrote:
>
>> Hi,
>>
>> I have stumbled on a problem and I am not sure if it's a bug or a feature.
>>
>> very simple block rules
>>
>> # pfctl -sr | grep block
>> block return in log on bge0 all
>> block return in quick on bge0 from <martians> to any
>> block return out quick on bge0 from any to <martians>
>>
>> bge0 is my WAN interface, I have FreeBSD 6.4
>>
>> I enabled IPSEC in my kernel
>>
>> options FAST_IPSEC
>> options IPSEC_NAT_T
>> device enc
>> device crypto
>> device cryptodev
>>
>> and all works fine until I do 'ifconfig enc0 up'
>> after that traffic coming through ipsec tunnel is getting rejected and I can see it's recorded in pflog0
>>
>> I am not sure why and how to prevent this from happening.
>>
>> Thanks,
>> Vadym Chepkov