Date: Thu, 02 Aug 2007 17:37:06 +0200
From: "Frank Behrens" <frank@pinky.sax.de>
To: Max Laier <max@love2party.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf eats syn packet?
Message-ID: <200708021537.l72Fb69k004919@pinky.frank-behrens.de>
In-Reply-To: <200708021715.25167.max@love2party.net>
References: <200708021502.l72F2PCu004207@pinky.frank-behrens.de>
Max Laier <max@love2party.net> wrote on 2 Aug 2007 17:15:

> Can you follow up with the complete pf.conf you are using? The "state

I'll send you the complete file in a personal mail.

> insert failed" error suggests a logic problem in your config (or a missed
> PF_TAG_GENERATED somewhere). It seems that the same packet is run
> through the firewall twice, generating state on the first run, but not
> matching it on the second ... somehow strange.

As I wrote in my first message, the following statements may produce the problem:

    nat inet from !tun2-address to any port = http -> tun2-address
    nat on tun0 inet from <intern> to any -> tun0-address
    ....
    pass out quick on tun0 route-to (tun2 tun2-peer) inet from tun2-address to any keep state
    pass out quick on tun2 route-to (tun0 tun0-peer) inet from tun0-address to any keep state

The reason for this setup is that I want to use policy-based routing. The http port is an easy-to-test example. I have 2 DSL/pppoe connections with NAT, and tun0 has the default route assigned. I want to

- route some traffic from LAN (NATed) to tun2
- route some traffic from the gateway to tun2

Maybe there is a better solution?

Regards,
Frank

--
Frank Behrens, Osterwieck, Germany
PGP key 0x5B7C47ED available on public servers.
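The two-uplink layout discussed in the thread, as an added pf.conf example that is not Frank's configuration and is not offered as a fix for his "state insert failed" error: it shows the pattern the pf FAQ documents for policy routing, where route-to is attached to the inbound rule on the LAN interface, so the outgoing uplink is chosen before the per-uplink nat rule applies. The interface names tun0 and tun2, the <intern> table and the tun2-peer gateway follow the thread; the LAN interface em0 and the 192.168.1.0/24 prefix are assumed, and gateway-originated traffic is deliberately not covered.

```pf
# Added example, not the pf.conf from the thread.
int_if = "em0"                      # assumed LAN interface
table <intern> { 192.168.1.0/24 }   # constructed LAN prefix

# Source-NAT on whichever uplink the packet actually leaves on.
# (tun0)/(tun2) track the dynamic pppoe addresses.
nat on tun0 inet from <intern> to any -> (tun0)
nat on tun2 inet from <intern> to any -> (tun2)

# Policy routing is decided on the way IN from the LAN, before NAT:
# LAN HTTP goes out via tun2 (tun2-peer is the far end of that link),
# everything else follows the default route via tun0.
pass in quick on $int_if route-to (tun2 tun2-peer) inet proto tcp \
    from <intern> to any port http keep state
pass in quick on $int_if inet from <intern> to any keep state

# Plain outbound rules on the uplinks; no route-to here, so a packet
# is not re-steered after its state has already been created.
pass out quick on tun0 inet keep state
pass out quick on tun2 inet keep state
```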