#3 (View Single Post)
Old 8th July 2009
jggimi (More noise than signal)
Join Date: May 2008
Location: USA
Posts: 6,509

Your pf.conf was damaged when you copied and pasted. Note your "synproxy" got cut, as well as what appears to possibly have been a "modulate state". Next time, copy and paste plain text between [ code ] [ /code ] tags.

I'll guess, for two solutions:

1) You have no pass out for your internal network(s). Remember, PF doesn't know which of your interfaces connect to the Internet. It just knows interfaces, and the direction of traffic. The "rdr pass" only passes the incoming packets, you still need a pass rule for the outgoing packets on your local LANs.

2) If you have not already confirmed it, make sure you have enabled IPv4 packet forwarding in /etc/sysctl.conf.

Robbak is right: put "log" on every blocking filter rule, and use tcpdump. You might also consider logging all pass rules, too. To watch for blocked traffic, use something like:
# tcpdump -neti pflog0 action block
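The following pf.conf fragment is an added illustration of the two fixes described above (pass rules for the LAN side plus logging on block rules); it is not the thread poster's configuration, and the interface names, LAN network and server address are assumed placeholders in OpenBSD 4.5-era syntax.

```pf
# Constructed example; interface names and addresses are assumed, not from the thread.
ext_if  = "em0"              # assumed: interface facing the Internet
int_if  = "em1"              # assumed: interface facing the local LAN
int_net = "192.168.1.0/24"   # assumed LAN network
web_srv = "192.168.1.10"     # assumed internal server receiving the redirect

set skip on lo

# Translation: hide the LAN behind the external address, forward port 80 inward.
nat on $ext_if from $int_net to any -> ($ext_if)
# "rdr pass" passes the redirected packets as they arrive on $ext_if ...
rdr pass on $ext_if proto tcp from any to ($ext_if) port 80 -> $web_srv port 80

# Default deny with "log", so anything dropped is visible on pflog0
# with: tcpdump -neti pflog0 action block
block log all

# ... but PF only knows interfaces and direction, so the forwarded packets
# still need a pass rule to leave on $int_if, and LAN hosts need a way out.
pass out log on $int_if from any to $int_net keep state
pass in  log on $int_if from $int_net to any keep state
pass out log on $ext_if from any to any modulate state

# Kernel forwarding between interfaces is separate from PF:
# /etc/sysctl.conf must contain  net.inet.ip.forwarding=1
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`.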