Date:      Mon, 26 Mar 2007 02:32:34 +0200
From:      Volker <volker@vwsoft.com>
To:        Andrew Thompson <thompsa@freebsd.org>
Cc:        Andre Albsmeier <Andre.Albsmeier@siemens.com>, freebsd-pf@freebsd.org
Subject:   Re: 6.2-STABLE: enc0 sees only outgoing packets in pf
Message-ID:  <460714A2.3090703@vwsoft.com>
In-Reply-To: <20070324185928.GC45070@heff.fud.org.nz>
References:  <20070323115043.GA6991@curry.mchp.siemens.de> <46052572.9070402@vwsoft.com> <20070324185928.GC45070@heff.fud.org.nz>

Sorry... my experimental setup has had a mistake.

I've re-read my posting and checked everything. What did get my
attention was:

> But incoming traffic still passes:
> rule 29/0(match): pass in on enc0: (tos 0x0, ttl  64, id 58618,
> offset 0, flags [none], proto: ICMP (1), length: 84) 194.180.156.137
>> > 10.1.1.1: ICMP echo request, id 26909, seq 0, length 64

Which means, rule 29 was letting this packet pass. I've checked rule
29 and found the mistake. This is letting (on one tunnel endpoint)
traffic through by a table of IP addresses and mistakenly the
internal IP address of the remote tunnel endpoint is in there.

Will correct that and do another test.

Volker



