ivanatora, 15th February 2009

I've added log all to pflog1 to the rule and now tcpdump on pflog1 shows strange things. (I've removed the logging option for the ex-pflog1 rule.) It should be showing nothing, but in fact it shows every packet going through the $ext_if:
Code:
# tcpdump -nevi pflog1
12:21:58.555064 rule 4294967295/0(match): pass in on rl0: (tos 0x50, ttl 119, id 63193, offset 0, flags [DF], proto TCP (6), length 64) 79.100.183.215.17771 > 192.168.0.34.40556: [|tcp]
12:21:58.555458 rule 4294967295/0(match): pass out on rl0: (tos 0x0, ttl 63, id 8391, offset 0, flags [DF], proto TCP (6), length 1492) 192.168.1.2.52251 > 79.100.183.215.17771: [|tcp]
...
First - why are all the packets logged in pflog?
Second - what is that "rule 4294967295/0(match)"? I obviously don't have that many rules. Which rule is matched?
Third - does "scrub in all" log to pflog?
Fourth - what are these sessions doing in pflog? I mean, when I fire netstat (on both the router machine and the 0.34 NAT client machine) it doesn't show any of the IPs and ports shown by tcpdump.

Last edited by ivanatora; 15th February 2009 at 10:38 AM.