5th October 2011
jggimi

I think I might see the problem. I believe it is possible that the only filter rule that matches non-ICMP traffic between your two internal networks is "block all".

You can confirm this by adding "log" to all of your pass/block rules, and running tcpdump with pflog0. It will show which rule applies to any packet being examined.

In particular, your "pass on" multiple interfaces by $Int_if macro may not be producing the results you want. # pfctl -s rules will show you the ruleset with all expansions of macros and lists, and if you use # pfctl -vs rules you get the rule numbers that are used with the pflog tcpdump output.

----

A quick test is to change the block all rule to a pass all. If you can suddenly connect, you know that your PF configuration is the culprit.
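As an added illustration of the "add log to every pass/block rule" step (this is example code, not jggimi's), here is a small POSIX shell/awk helper that rewrites a pf.conf so each pass/block rule carries "log" in the position PF expects (after the action and any return/in/out keywords), leaving rules that already log untouched. The sample ruleset is constructed for the example; the $Int_if macro is taken from the thread.

```shell
#!/bin/sh
# Constructed sample pf.conf for the demonstration (not a real configuration).
SAMPLE_PF_CONF='Int_if = "{ em1 em2 }"
set skip on lo0
block all
block return in on egress proto tcp to port 113
pass on $Int_if inet proto icmp
pass out log on egress keep state
    pass in on $Int_if from 192.168.1.0/24 to 192.168.2.0/24'

# Read a pf.conf on stdin, write it on stdout with "log" added to every
# pass/block rule that does not already have it. Indentation is preserved.
add_log_to_rules() {
    awk '
    /^[ \t]*(pass|block)([ \t]|$)/ {
        sub(/[ \t]+$/, "")                    # drop trailing whitespace
        match($0, /^[ \t]*/)
        indent = substr($0, 1, RLENGTH)       # keep leading indentation
        n = split(substr($0, RLENGTH + 1), w, /[ \t]+/)
        i = 1
        out = w[i]; i++                       # "pass" or "block"
        # block may carry return/drop/return-* before the direction
        if (w[1] == "block" && (w[i] == "return" || w[i] == "drop" || w[i] ~ /^return-/)) {
            out = out " " w[i]; i++
        }
        if (w[i] == "in" || w[i] == "out") {  # optional direction
            out = out " " w[i]; i++
        }
        if (w[i] != "log") out = out " log"   # insert log unless already present
        for (; i <= n; i++) out = out " " w[i]
        print indent out
        next
    }
    { print }'
}

# Demonstration: print the rewritten ruleset.
printf '%s\n' "$SAMPLE_PF_CONF" | add_log_to_rules

# After loading the logged ruleset, the commands from the post above pair up:
#   pfctl -vs rules            shows expanded rules with their rule numbers
#   tcpdump -n -e -ttt -i pflog0   shows, per packet, which rule number matched
```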