Date: Sat, 31 Mar 2007 19:37:47 -0400
From: "Vadym Chepkov" <vchepkov@gmail.com>
To: <freebsd-pf@freebsd.org>
Subject: Re: packet filter and amanda
Message-ID: <00f801c773ed$96fbb470$0610a8c0@chepkov.lan>

I forgot to mention, I see those packets in log only when I comment out scrub.
If scrub in all option is on, packets just disappear :(

> Hello everybody,
>
> I finally gave up, maybe somebody can help me.
> I have a router with FreeBSD 6.2-RELEASE-p1 with custom build kernel:
>
> device pf # PF OpenBSD packet-filter firewall
> device pflog # logging support interface for PF
>
> I am using amanda to backup a client which is behind router with pf running
>
> amanda server - FreeBSD pf - amanda client
>
> I compiled amanda with tcp/udp port ranges but I can get that far.
> I expect this rule to allow amanda server to connect to amanda client:
>
> pass out quick on $dmz_if proto udp from $amanda_server to any port 10080 keep state
>
> Unfortunately, not all packets match this rule.
> When I added this rule below, it works fine, but it's too permissive
>
> pass out log quick on $dmz_if from $amanda_server to any
>
> These are packets that I can see in the log and I can't understand, why it
> doesn't match my rule.
>
> 18:27:38.740741 IP (tos 0x0, ttl 63, id 61548, offset 0, flags [+], proto: UDP (17), length: 1500) 192.168.17.2.859 > 192.168.16.2.10080: UDP, length 1892
> 18:27:38.740752 IP (tos 0x0, ttl 63, id 61548, offset 1480, flags [none], proto: UDP (17), length: 440) 192.168.17.2 > 192.168.160.2: udp
>
> Could you tell me, what I am doing wrong, please.
>
> Thank you,
> Vadym Chepkov