Stumped, Act 2 (Re: Stumped)

I changed the asterisk variable to point to another server inside my network (one IP address away) and then watched tcpdump output and the packets are flowing (to the wrong address mind you). Now why would it not work with the original address? The PF box has full IP connectivity to the asterisk server.

The box *is* a SUSE 9.2 Linux box and does act weird on the network - for example I can't telnet in using PuTTY, but I can from a Windows command prompt (same box). I really wish I didn't have to run Linux :(

Oh well, looks like PF isn't the problem.

Thanks anyway ..


Tim Pushor wrote:

Hi Wolfgang,

I know my ruleset is too loose, but I want to get it working first before I start to tighten it down.

I think a pass out log on $int_if proto udp from any to $asterisk port 5060
pass out on $int_if proto udp from any to $asterisk port 9999
is missing!
(Check if it gets blocked by the "block log all"; if yes, IMHO it also blocks the packets from the FW to the asterisk (via the int_if).)
And think about the "from any to $asterisk" in my rule, possibly more open than you like.

Well, I do have this rule which should allow it:

pass out on $int_if from any to $internal_nets

Also, I am watching the log. I have a log on my block all, and also on the rule that should allow the SIP to pass. I see that rule triggered in the log (as I pasted in my original email), but no block. I don't think it's the filter. (Also in the 'pass' rule log I see that the destination address is, which is my redir'd address so the redirs are working.)

I am just wondering why I wouldn't see the traffic on my Internal interface??