From: Jayel Villamin
To: freebsd-pf@freebsd.org
Date: Thu, 31 Mar 2005 16:18:55 +1000
Subject: weird PF behavior

Here's a rough sketch of the home network:

FBSD 5.3 box ===>>> xl0 ===>>> ADSL modem
             ===>>> xl1 ===>>> 10/100 Mbps switch ===>>> several Windows PCs are connected to the switch
             ===>>> xl2 ===>>> Windows PC (via x-over cable). This is the FTP server.

I have an FTP server running in a Windows box with IP = 192.168.2.2. Here's a snippet of my rules:

==========
ext_if = "tun0"
elayne_ftp_service = "19985:19989"
elayne = "192.168.2.2/32"

rdr on $ext_if proto tcp from any to ($ext_if) port $elayne_ftp_service -> $elayne

block log all    # This is the very first rule after the nat/rdr rules

pass in quick on $ext_if inet proto tcp from any to $elayne port { $elayne_ftp_service } flags S/SA keep state
============

Looking at the PF FAQ on openbsd.org, this seems to be correct. But when I try to connect from work to the FTP server, I get the following tcpdump entries:

=====================
15:44:38.009604 IP SOURCE_IP_HIDDEN_FOR_PRIVACY.43318 > TARGET_IP_HIDDEN_FOR_PRIVACY.19989: S 1052116979:1052116979(0) win 49640
15:44:41.423697 IP SOURCE_IP_HIDDEN_FOR_PRIVACY.43318 > TARGET_IP_HIDDEN_FOR_PRIVACY.19989: S 1052116979:1052116979(0) win 49640
===================

If I change the last rule in the snippet to:

===========
pass in quick inet proto tcp from any to $elayne port { $elayne_ftp_service } flags S/SA keep state
===========

it works. Well, I thought that having "on $ext_if" is correct as well, as the traffic from work to the home FTP server must pass through $ext_if. Any ideas about this behavior?

Thanks
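As an added illustration (not part of the post or the list thread): the two tcpdump lines quoted above show the same SYN, with an identical sequence number, sent twice and never answered, which is what a silently dropped connection attempt looks like on the wire. The Python below is example code that picks such flows out of tcpdump output in that format; the sample addresses are constructed TEST-NET values, not the poster's.

```python
import re
from datetime import datetime

# Old-style tcpdump TCP line, as quoted in the post:
# "15:44:38.009604 IP A.43318 > B.19989: S 1052116979:1052116979(0) win 49640"
TCP_LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
                      r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<flags>[SFRP.]+) (?P<rest>.*)$")
SEQ_RANGE = re.compile(r"^(\d+):\d+\(\d+\)")

# Constructed sample: the post's two unanswered SYNs (TEST-NET addresses) plus a successful handshake.
SAMPLE_LINES = [
    "15:44:38.009604 IP 203.0.113.5.43318 > 198.51.100.7.19989: S 1052116979:1052116979(0) win 49640",
    "15:44:41.423697 IP 203.0.113.5.43318 > 198.51.100.7.19989: S 1052116979:1052116979(0) win 49640",
    "15:45:01.000000 IP 203.0.113.9.51000 > 198.51.100.7.19989: S 777:777(0) win 65535",
    "15:45:01.010000 IP 198.51.100.7.19989 > 203.0.113.9.51000: S 4242:4242(0) ack 778 win 65535",
    "15:45:01.020000 IP 203.0.113.9.51000 > 198.51.100.7.19989: . ack 1 win 65535",
]

def parse_line(line):
    """Return ts/src/sport/dst/dport/flags/seq/ack for one TCP line, or None if it is not one."""
    m = TCP_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%H:%M:%S.%f")
    seq = SEQ_RANGE.match(d["rest"])          # pure ACKs carry no seq range
    d["seq"] = seq.group(1) if seq else None
    d["ack"] = " ack " in " " + d["rest"]     # a SYN-ACK shows up as "S ... ack N"
    return d

def find_unanswered_syns(lines, min_retries=2):
    """Flows whose SYN was retransmitted (same seq) and never answered: a silent drop."""
    syns = {}          # (client, cport, server, sport) -> [(ts, seq), ...]
    answered = set()   # client flows that saw any segment back from the server
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["flags"] == "S" and not p["ack"]:
            syns.setdefault(fwd, []).append((p["ts"], p["seq"]))
        else:   # SYN-ACK, RST or data in the reverse direction proves the peer saw the flow
            answered.add((p["dst"], p["dport"], p["src"], p["sport"]))
    found = []
    for flow, attempts in syns.items():
        same_seq = len({seq for _, seq in attempts}) == 1   # identical seq => retransmission
        if flow not in answered and len(attempts) >= min_retries and same_seq:
            gap = (attempts[-1][0] - attempts[0][0]).total_seconds()
            found.append({"flow": flow, "retries": len(attempts), "gap_seconds": round(gap, 3)})
    return found
```

Run against a capture taken on the external interface, any flow it reports is one where the host never replied, so the next place to look is the loaded ruleset (pfctl -sr) and the pflog interface for the block rule that matched.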