#4, 30th December 2008
jggimi (More noise than signal)
Join Date: May 2008
Location: USA
Posts: 7,975
All I can tell, at this point, are two things:

1) Your dmz_net macro uses an incorrect CIDR. It overlaps priv_nets, and goes beyond the RFC 1918 address range. Your priv_nets, 192.168.0.0/16, covers the addresses 192.168.0.0 through 192.168.255.255.

2) Since your DMZ LAN is included in priv_nets, and both are only used for antispoofing, it appears to be unnecessary.

----

You have a default gateway address of 0.0.0.1, which I find very odd, but it still routes through your pppoe0 connection, so I don't think that is anything to worry about. It might be a pppoe-ism. I'm not familiar with pppoe.

You pass ICMP echo requests, without specifying any interface, so I am not sure why you are unable to successfully ping.

Further diagnostics will require the use of tcpdump(8). I recommend using it with the pflog(4) device. If you change your pass/block rules to "pass log..." and "block log..." you can see what rule was applied to any particular packet, either a pass or a block. Some people only log blocking rules, as they are uninterested in which pass rules apply to particular packets.
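The two CIDR problems jggimi points out (a macro that overlaps another macro, and a macro that reaches outside RFC 1918) are easy to check mechanically before a ruleset is loaded. The script below is an added example and is not code from this thread or from pf itself. The poster's actual dmz_net value is not visible in the excerpt, so the value used here, 192.168.10.0/8, is a constructed stand-in chosen because it shows both symptoms: the /8 is a misstated prefix length, and once the host bits are masked off it becomes 192.0.0.0/8, which both overlaps 192.168.0.0/16 and extends far beyond the RFC 1918 space. Masking host bits with strict=False is this script's own normalisation choice, used so that the overlap test operates on the network the prefix actually denotes.

```python
import ipaddress

# The three RFC 1918 private ranges.
RFC1918 = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def parse_network(cidr):
    """Parse a CIDR and normalise it to its network address.

    strict=False masks off any host bits, so "192.168.10.0/8" becomes
    192.0.0.0/8, i.e. the range the prefix length actually selects.
    """
    return ipaddress.ip_network(cidr, strict=False)


def has_host_bits(cidr):
    """True when the address part of the CIDR is not on the prefix boundary."""
    try:
        ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return True
    return False


def is_rfc1918(net):
    """True when the whole network lies inside one RFC 1918 range."""
    return any(net.subnet_of(r) for r in RFC1918)


def check_macros(macros):
    """Check pf network macros for the problems discussed above.

    macros: dict mapping macro name -> list of CIDR strings.
    Returns a list of human-readable findings (empty list means clean).
    """
    findings = []
    parsed = {}

    for name, cidrs in macros.items():
        parsed[name] = []
        for cidr in cidrs:
            net = parse_network(cidr)
            parsed[name].append(net)
            if has_host_bits(cidr):
                findings.append(
                    f"{name}: {cidr} has host bits set; "
                    f"the prefix actually selects {net}"
                )
            if not is_rfc1918(net):
                findings.append(f"{name}: {net} is not within RFC 1918")

    # Pairwise overlap between distinct macros (each pair reported once).
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for na in parsed[a]:
                for nb in parsed[b]:
                    if na.overlaps(nb):
                        findings.append(f"{a} {na} overlaps {b} {nb}")
    return findings


if __name__ == "__main__":
    # Constructed sample: priv_nets is the value from the thread,
    # dmz_net is a stand-in that reproduces both reported problems.
    sample = {
        "priv_nets": ["192.168.0.0/16"],
        "dmz_net": ["192.168.10.0/8"],
    }
    for line in check_macros(sample):
        print(line)
```

Run it against the macro values extracted from a pf.conf before loading the ruleset; a non-empty result means the antispoofing or filtering rules built from those macros will not cover the networks the author intended. A clean configuration such as {"priv_nets": ["192.168.0.0/16"], "dmz_net": ["192.168.10.0/24"]} still reports an overlap, which is exactly jggimi's second point: a DMZ inside priv_nets adds nothing when both macros feed the same antispoof rules.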