Dear ALL! Maybe someone can help me with my problem? I have no adea what is happening with my packets :( I have 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 box running pf. And i have ipcad daemon running (installed from ports) pf.conf says pass quick on lo0 all and when i'm trying to rsh to ipcad that is listening on anna# netstat -a|grep shell tcp4 0 0 localhost.shell *.* LISTEN anna# rsh -l root localhost show ip accounting i got no replay, but pflog says the following: anna# tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535 0x0000: 4600 002c 6605 4000 0306 11c5 7f00 0001 F..,f._at_......... 0x0010: 7f00 0001 0100 0000 0202 0283 8129 5dab .............)]. 0x0020: 5db7 f2f2 5010 ffff 7dce 0000 ]...P...}... 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535 0x0000: 4600 002c d21d 4000 0306 a5ac 7f00 0001 F..,.._at_......... 0x0010: 7f00 0001 0100 0000 0202 0283 8129 5dab .............)]. 0x0020: 5db7 f2f2 5010 ffff 7dce 0000 ]...P...}... The rule for this packet is not a "log" one, but the sign (short) is what i cannot understand. The only place i have found this word is in man pflogd (reason why this packet appers in this log) When i'm disabling pf by pfctl -d everything works just fine and i can get my ip accounting. Best regards, Anton Nikiforov
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:46 UTC