Date: Wed, 7 May 2008 13:54:17 -0400
From: "Kevin K" <kkutzko@teksavvy.com>
To: "'Ansar Mohammed'" <ansarm@gmail.com>, <freebsd-pf@freebsd.org>
Subject: RE: UDP weirdness
Message-ID: <005101c8b06b$5f0743c0$1d15cb40$@com>
In-Reply-To: <004f01c8b068$89c89350$9d59b9f0$@com>
References: <004f01c8b068$89c89350$9d59b9f0$@com>

Try pass out proto udp from any to any port 53

> -----Original Message-----
> From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Ansar Mohammed
> Sent: Wednesday, May 07, 2008 1:34 PM
> To: freebsd-pf@freebsd.org
> Subject: UDP weirdness
>
> I have a very simple configuration yet I am bemused as to what I am doing wrong.
>
> Windows 2003 <- FreeBSD-PF -> Windows 2003
> 192.168.3.2     192.168.3.1  192.168.2.2     192.168.2.130
>
> Here are my rules
>
> ext_if="le0"
> int_if="le1"
> int_net="192.168.3.0/24"
> ext_net="192.168.2.0/24"
> int_addr="192.168.3.1"
> ext_addr="192.168.2.2"
> scrub on $ext_if all reassemble tcp
> scrub on $int_if all reassemble tcp
> block in log all
> pass in proto icmp from any to any
> pass in proto udp from any to any port 53
> pass in on $ext_if inet proto tcp from any to any port 3389
>
> DNS traffic is allowed through but the return packet gets blocked. Can anyone explain why?
> This is true on ALL UDP traffic.
> TCP traffic works well.
>
> Pflog message:
>
> 065276 rule 0/0(match): block in on le1: 192.168.3.2.53 > 192.168.2.130.3837: [|domain]
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
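
Added example, not part of the original thread: it parses the pflog line quoted above and checks the logged packet, and the query that preceded it, against the three "pass in" rules from the posted ruleset. Assumptions: the rules are modelled only by protocol, interface and destination port, evaluation is stateless (no state entry is consulted), and the protocol is taken as UDP from the thread because the log line does not name it.

```python
import re

# Constructed from the thread: the pflog line and the "pass in" rules as posted.
PFLOG_LINE = ("065276 rule 0/0(match): block in on le1: "
              "192.168.3.2.53 > 192.168.2.130.3837: [|domain]")

# Simplified model: (protocol, interface or None, destination port or None).
# le0 is $ext_if in the posted ruleset.
PASS_IN_RULES = [
    ("icmp", None, None),   # pass in proto icmp from any to any
    ("udp", None, 53),      # pass in proto udp from any to any port 53
    ("tcp", "le0", 3389),   # pass in on $ext_if inet proto tcp ... port 3389
]

LOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) (?P<dir>in|out) "
    r"on (?P<ifname>\w+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def parse_pflog(line):
    """Split a tcpdump-style pflog line into its fields."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("unrecognised pflog line")
    pkt = m.groupdict()
    for key in ("rule", "sport", "dport"):
        pkt[key] = int(pkt[key])
    return pkt

def reverse(pkt, ifname):
    """Build the opposite-direction packet, arriving on interface ifname."""
    return dict(pkt, src=pkt["dst"], sport=pkt["dport"],
                dst=pkt["src"], dport=pkt["sport"], ifname=ifname)

def matching_pass_rules(pkt, proto):
    """Return indexes of PASS_IN_RULES that match an inbound packet by rule alone."""
    hits = []
    for i, (r_proto, r_if, r_dport) in enumerate(PASS_IN_RULES):
        if r_proto != proto:
            continue
        if r_if is not None and r_if != pkt["ifname"]:
            continue
        if r_dport is not None and r_dport != pkt["dport"]:
            continue
        hits.append(i)
    return hits

if __name__ == "__main__":
    reply = parse_pflog(PFLOG_LINE)
    query = reverse(reply, "le0")     # the DNS query, inbound on le0
    print("query matches:", matching_pass_rules(query, "udp"))
    print("reply matches:", matching_pass_rules(reply, "udp"))
```

The query's destination port is 53, so it matches the UDP pass rule; the logged reply has source port 53 and destination port 3837, so none of the pass rules match it on their own.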