[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 3.0 current, pf and browsing
On Fri, Feb 22, 2002 at 02:26:14PM +0000, John Gould wrote:
> If I turn off the packet filter with 'pfctl -d' then browsing works and I can
> see the contents of these directories, but of course machines using the
> route through the firewall and NAT don't get through. Has anyone seen this
> before? What is happening to the packets that are being re-directed? This
> machine is to replace a 2.9 box with ipf which worked fine in exactly this
> configuration. Any help would be most appreciated.
Can you explain where in your setup the firewall is? Does it filter the
plain TCP packets, or the encapsulated IPsec packets? If you're doing
NAT on encapsulated packets, are you using 3.0-release or -current? NAT
support for non-TCP/UDP/ICMP protocols was added post 3.0-release.
If you're filtering the packets before encapsulation, make sure all
packets of a connection pass through the firewall. If some packet have
an alternat route (not sure about your description there), they will of
course not be properly translated.