Old 1st December 2008
J65nko

If you wonder why something is not being logged, just run tcpdump on the interface the traffic is going through.

If I have to debug a firewall with an external and internal NIC, I usually ssh in to the box from my X workstation. In each ssh session I run tcpdump.
  1. On the external interface
     # tcpdump -ni re0
  2. On the internal interface
     # tcpdump -ni bge0 not port ssh
     Note the 'not port ssh' filter, to prevent pollution of the tcpdump output with my own ssh traffic.
  3. On the pflog device
     # tcpdump -eni pflog0
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump.
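The three-session procedure above, as an added shell script that is not part of the post: it starts all three captures at once, one log file each, and when run inside an ssh session it narrows the 'not port ssh' exclusion to the one client address and server port recorded in SSH_CONNECTION, so other hosts' ssh traffic stays visible on the internal interface. Interface names (re0, bge0) and the output directory are assumptions.

```shell
#!/bin/sh
# pfdebug.sh (example, not from the post): run the three captures from the
# post at once; interface names and the output directory are assumptions.

# Filter for the interface that carries our own ssh session. The post uses
# 'not port ssh'; when SSH_CONNECTION is available we exclude only our own
# client address and server port, so other hosts' ssh traffic stays visible.
ssh_exclude_filter() {
    # $1: SSH_CONNECTION value: "client_ip client_port server_ip server_port"
    if [ -n "$1" ]; then
        set -- $1
        printf 'not (host %s and port %s)\n' "$1" "$4"
    else
        printf 'not port ssh\n'
    fi
}

# Per-interface options: -n (no DNS lookups, which would add traffic of their
# own), -l (line-buffered), and on pflog -e so pf's rule/action/direction show.
tcpdump_opts() {
    case $1 in
        pflog*) echo "-elni" ;;
        *)      echo "-lni" ;;
    esac
}

# Start one capture in the background; $3 is an optional filter expression,
# passed as a single argument (tcpdump joins its arguments into one filter).
start_capture() {
    ifc=$1; out=$2; filter=${3:-}
    if [ -n "$filter" ]; then
        tcpdump $(tcpdump_opts "$ifc") "$ifc" "$filter" >"$out" 2>&1 &
    else
        tcpdump $(tcpdump_opts "$ifc") "$ifc" >"$out" 2>&1 &
    fi
    pids="$pids $!"
}

main() {
    ext=$1; int=$2; outdir=${3:-/tmp/pfdebug}; pids=""
    mkdir -p "$outdir"
    start_capture "$ext" "$outdir/$ext.log"
    start_capture "$int" "$outdir/$int.log" "$(ssh_exclude_filter "${SSH_CONNECTION:-}")"
    start_capture pflog0 "$outdir/pflog0.log"
    trap 'kill $pids 2>/dev/null' INT TERM EXIT
    echo "capturing to $outdir; press Ctrl-C to stop"
    wait
}
# Only capture when given interface names, e.g.: doas sh pfdebug.sh re0 bge0
if [ $# -ge 2 ]; then main "$@"; fi
```

Each log file can then be read side by side, which is the same view the post gets from three ssh sessions.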