Post #2, 25th June 2008, by J65nko (Administrator)
The external NIC of your server has IP address 10.0.0.2, which is in your $nonroute macro, and thus gets blocked. To check if this is true, add the following "log" modifiers.
Code:
block log all
....
block  drop in  log quick on $if_ext from $nonroute to any
block  drop out log quick on $if_ext from any to $nonroute
As root run
Code:
tcpdump -eni pflog0
and you will see all blocked packets of your ruleset.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
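As an added example (not part of J65nko's post): a small POSIX shell helper that tallies the lines `tcpdump -eni pflog0` prints, so you can see at a glance which rule number, direction and interface is dropping traffic for a given address such as 10.0.0.2. The pflog lines are constructed samples in the `rule N/(match) block in on if:` form that OpenBSD's tcpdump prints; the rule numbers and interface name are assumptions.

```shell
#!/bin/sh
# Constructed sample of "tcpdump -eni pflog0" output (not captured from a real host).
# Rules 3 and 4 stand in for the two "$nonroute" block rules, rule 0 for "block log all".
SAMPLE_PFLOG='17:40:14.119296 rule 3/(match) block in on em0: 10.0.0.2.34567 > 203.0.113.10.80: S 1:1(0) win 16384
17:40:14.220011 rule 4/(match) block out on em0: 203.0.113.10.80 > 10.0.0.2.34567: S 1:1(0) ack 2 win 16384
17:40:15.000123 rule 0/(match) block in on em0: 198.51.100.7.5555 > 203.0.113.10.22: S 1:1(0) win 65535
17:40:16.000321 rule 3/(match) block in on em0: 10.0.0.2.34568 > 203.0.113.10.443: S 1:1(0) win 16384'

# pflog_hits ADDRESS
#   Reads pflog lines on stdin and prints "count action rule direction interface"
#   for every blocked packet whose source or destination IP equals ADDRESS.
#   Lines that do not carry "/(match)" (e.g. tcpdump's own banner) are skipped.
pflog_hits() {
    addr="$1"
    awk -v a="$addr" '
        /\(match\)/ {
            # fields: ts "rule" N/(match) action dir "on" if: src > dst: ...
            rule = $3;  sub("/.*", "", rule)
            action = $4; dir = $5
            ifc = $7;   sub(":$", "", ifc)
            src = $8
            dst = $10;  sub(":$", "", dst)
            # drop the trailing ".port" so we compare bare IPv4 addresses
            sub(/\.[0-9]+$/, "", src); sub(/\.[0-9]+$/, "", dst)
            if (src == a || dst == a)
                n[action " " rule " " dir " " ifc]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k2,2 -k3,3n
}

# Demonstration: which rules are hitting the server's own external address?
printf '%s\n' "$SAMPLE_PFLOG" | pflog_hits 10.0.0.2
```

On a live system replace the sample with `tcpdump -eni pflog0 | pflog_hits 10.0.0.2` (as root); `pfctl -vvsr` then maps the reported rule numbers back to the lines in pf.conf.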