It feels like I'm slowly slipping into insanity, although I see some progress by now.
I think the problem lies within stateful rules / NAT rather than in ICMP...
I tried to open a TCP connection to a Google web server by using
Code:
$ nc -v -w 1 74.125.132.106 80
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connection timed out.
The result on the BSD box:
Code:
rule 5/(match) block in on vr0: 192.168.0.3.50118 > 74.125.132.106.80: S 1884520729:1884520729(0) win 29200 <mss 1460,sackOK,timestamp 6781807 0,nop,wscale 7> (DF)
rule 5/(match) block in on vr0: 192.168.0.3.50118 > 74.125.132.106.80: S 1884520729:1884520729(0) win 29200 <mss 1460,sackOK,timestamp 6782808 0,nop,wscale 7> (DF)
Again, when I uncomment the line
Code:
pass in log quick on $if_lan from $if_lan:network
it worked just fine...
Does my ruleset maybe miss anything regarding NAT / stateful rules (which is my humble assumption)?
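As an added illustration (not the poster's ruleset and not taken from this thread), here is a minimal FreeBSD-style pf.conf that shows the pieces a LAN-behind-the-box setup needs: an outbound NAT rule on the WAN side, a default block, and stateful pass rules on both interfaces. The LAN interface name vr0 is taken from the log above; the WAN interface name vr1 and the macro names are assumptions.

```pf
# Constructed example pf.conf (FreeBSD syntax); interface names are assumptions.
if_lan = "vr0"   # LAN side, as in the log above
if_wan = "vr1"   # assumed WAN/uplink interface

set skip on lo0
scrub in all

# Translate LAN traffic leaving the WAN interface to the WAN address.
nat on $if_wan from $if_lan:network to any -> ($if_wan)

# Default deny, logged so that dropped packets show up in pflog (as rule 5 did above).
block log all

# Let LAN hosts initiate connections; "keep state" creates the state entry
# that allows the reply packets back without a separate rule.
pass in quick on $if_lan from $if_lan:network to any keep state

# The same connection leaves on the WAN side after NAT and needs its own pass-out.
pass out quick on $if_wan keep state
```

Without the `pass in ... on $if_lan` line, the SYN arriving on vr0 only ever matches the default block, which is exactly the "block in on vr0" line in the pflog output above; the `nat` rule alone never permits anything. After editing, `pfctl -nf /etc/pf.conf` checks the syntax and `pfctl -f /etc/pf.conf` loads it; `pfctl -ss` then shows the state entries created by the stateful pass rules.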