Re: 3.0 current, pf and browsing



On Fri, Feb 22, 2002 at 02:26:14PM +0000, John Gould wrote:

> If I turn off the packet filter with 'pfctl -d' then browsing works and I can
> see the contents of these directories, but of course machines using the
> route through the firewall and NAT don't get through. Has anyone seen this
> before? What is happening to the packets that are being re-directed? This
> machine is to replace a 2.9 box with ipf which worked fine in exactly this
> configuration. Any help would be most appreciated.

Can you explain where in your setup the firewall is? Does it filter the
plain TCP packets, or the encapsulated IPsec packets? If you're doing
NAT on encapsulated packets, are you using 3.0-release or -current? NAT
support for non-TCP/UDP/ICMP protocols was added post 3.0-release.
If you're filtering the packets before encapsulation, make sure all
packets of a connection pass through the firewall. If some packets have
an alternate route (not sure about your description there), they will of
course not be properly translated.

Daniel