Date: Fri, 6 Jan 2012 12:47:34 +0000
From: Melissa Jenkins <melissa-freebsd@littlebluecar.co.uk>
To: freebsd-net@freebsd.org
Subject: Re: pf not seeing inbound packets on netgraph interface
Message-ID: <79D6C44F-778D-4B07-A78D-52084306CF0F@littlebluecar.co.uk>
In-Reply-To: <20120106120011.9CA681065723@hub.freebsd.org>
References: <20120106120011.9CA681065723@hub.freebsd.org>
>
> On Jan 4, 2012, at 12:03 AM, Ermal Luçi wrote:
>
>> Can you see if on the enc(4) interface pf(4) sees both sides of the traffic?
>
> I can on enc0. Doing a tcpdump(1) shows me traffic traveling both ways. Should there be a pf(4) interface for me to listen on? I've listened on pflog(4), and only seen traffic going one way, even when I have relevant rules set to "log(all)".
>

I had this problem when trying to firewall/NAT traffic from MPD - it appeared that MPD inserts the packets directly into the middle of the packet flow, without triggering any inbound processing by PF.

IPsec does this correctly if you have set the sysctls as per the man page on enc, as do PopTop and ppp (which was my solution to the MPD issue).

It didn't matter what firewall rules were configured, and this behaviour was present in the 7 branch as well as 8.

Mel
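The symptom both posters describe (pflog(4) showing only one direction of a flow on an interface) can be checked mechanically rather than by eyeballing tcpdump output. The script below is an added example, not code from this thread or from FreeBSD: it parses the record format tcpdump prints for pflog0 (assumed to be the `tcpdump -n -e -ttt -i pflog0` form for IPv4 TCP/UDP, `rule N/M(match): pass in on IF: src.port > dst.port:`), groups packets by interface and endpoint pair so that a request and its reply share one key, and reports every flow for which pf logged only one direction. The sample lines, interface names (ng0, enc0) and addresses are constructed for the example; a flow that shows up only as `out` on a netgraph interface is exactly the "inbound packets never pass through pf" situation discussed above.

```python
"""Find flows that pf logged in only one direction (added example, not from the thread)."""
import re
from collections import defaultdict

# Matches the pflog header tcpdump prints ("rule 2/0(match): pass in on enc0: ")
# followed by an IPv4 "src.port > dst.port:" pair. Assumption: tcpdump was run
# with -n, so addresses are numeric and the port is the last dotted component.
PFLOG_RE = re.compile(
    r"rule\s+(?P<rule>\S+)\((?P<reason>[^)]*)\):\s+"
    r"(?P<action>pass|block)\s+(?P<dir>in|out)\s+on\s+(?P<ifname>\S+):\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

# Constructed sample: a PPTP client 10.8.0.10 on ng0 talks to the server 10.8.0.1,
# but only the server's replies ("out on ng0") reach pf; an IPsec peer on enc0 is
# seen in both directions, which is the healthy case.
SAMPLE_PFLOG = """\
00:00:00.000000 rule 0/0(match): pass out on ng0: 10.8.0.1.80 > 10.8.0.10.51234: Flags [S.], seq 1, ack 2, win 65535, length 0
00:00:00.001000 rule 0/0(match): pass out on ng0: 10.8.0.1.80 > 10.8.0.10.51234: Flags [.], ack 3, win 65535, length 0
00:00:00.002000 rule 1/0(match): pass in on enc0: 192.0.2.7.40000 > 10.8.0.1.22: Flags [S], seq 9, win 65535, length 0
00:00:00.003000 rule 0/0(match): pass out on enc0: 10.8.0.1.22 > 192.0.2.7.40000: Flags [S.], seq 5, ack 10, win 65535, length 0
00:00:00.004000 rule 0/0(match): pass out on ng0: 10.8.0.1.53 > 10.8.0.10.60000: 1234 1/0/0 A 192.0.2.1 (48)
"""


def parse_pflog_line(line):
    """Return the pflog fields of one tcpdump line as a dict, or None if it is not a pflog record."""
    m = PFLOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def flow_key(rec):
    """Canonical key: interface plus both endpoints in sorted order, so the
    request (a -> b) and its reply (b -> a) on the same interface share a key."""
    a = (rec["src"], rec["sport"])
    b = (rec["dst"], rec["dport"])
    lo, hi = sorted([a, b])
    return (rec["ifname"], lo, hi)


def one_way_flows(lines):
    """Return {flow_key: {direction}} for every flow pf logged in only one direction."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_pflog_line(line)
        if rec is None:
            continue  # timestamps-only lines, truncated lines, non-IPv4 records
        seen[flow_key(rec)].add(rec["dir"])
    return {key: dirs for key, dirs in seen.items() if len(dirs) == 1}


def report(lines):
    """Human-readable summary, one line per suspicious flow."""
    out = []
    for (ifname, lo, hi), dirs in sorted(one_way_flows(lines).items()):
        direction = next(iter(dirs))
        out.append(f"{ifname}: {lo[0]}:{lo[1]} <-> {hi[0]}:{hi[1]} logged only '{direction}'")
    return out


if __name__ == "__main__":
    # Feed real data with: tcpdump -n -e -ttt -i pflog0 | python3 thisscript.py
    import sys
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_PFLOG.splitlines()
    for line in report(source):
        print(line)
```

Run against the constructed sample it lists the two ng0 flows and nothing for enc0. On a live box, if every flow on the ng interface appears as `out` only while the same rules on enc0 or a physical interface show both directions, the packets are entering the stack past pf's inbound hook, which is the behaviour the reply above attributes to MPD.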