Date:      Mon, 05 Mar 2007 09:21:28 +0000
From:      Tom Judge <tom@tomjudge.com>
To:        Greg Hennessy <Greg.Hennessy@nviz.net>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Tracing packets passing through PF
Message-ID:  <45EBE118.1010602@tomjudge.com>
In-Reply-To: <003901c75e88$c1b7cd40$452767c0$@Hennessy@nviz.net>
References:  <45E75454.2060302@tomjudge.com>	<000601c75ca1$b4d7a570$1e86f050$@Hennessy@nviz.net>	<45E7F00B.6010306@tomjudge.com>	<001901c75cb1$040435a0$0c0ca0e0$@Hennessy@nviz.net> <45E81AC3.5020304@tomjudge.com> <003901c75e88$c1b7cd40$452767c0$@Hennessy@nviz.net>

Greg Hennessy wrote:
>> I have the following rules on lo0:
>>
> 
> Have you tried a set skip with a default block log all?
> 
> 
> Greg
> 
> 

The packet is not getting filtered; it leaves the host and passes on the 
wire to the default gateway.  There are no issues with the traffic being 
filtered by the originating host's firewall; the problem is that the ESP 
packet's next hop is not being modified by the source routing rule and is 
therefore being sent to the incorrect gateway, where the ISP filters the 
packet.  It is only the ESP traffic that fails to be routed correctly; 
all other traffic is fine. It is almost as if the ESP packet never 
enters PF and is transmitted straight out onto the network, hence me 
starting this thread about being able to trace the packet through the stack.

Tom


