Step 0: Make sure all pass and block rules log their actions.
Step 1. Make sure net.inet.ip.forwarding=1.
Step 2. Use "# tcpdump -neti pflog0" to see what rule # is blocking
Step 3. Use "# pfctl -vvsr" to see match the number to the rule"
Lather. Rinse. Repeat.
|