3.3 pf won't pass corporate security client 1

Status
Not open for further replies.

jaxgent

Technical User
Dec 16, 2003
7
US
I use a corporate laptop on my home network. It uses a security client when connecting to corporate servers.

I don't know what protocol it runs on. Possibly TCP.
The TCP section of my pf reads:

#### TCP ####
pass out log on $ext_if proto tcp all flags S/SA \
    keep state queue (q_def, q_pri)

This pf is a borrowed example.

Any help would be greatly appreciated.
 
jaxgent,

Could you be more specific about this security client? For example, is it a VPN client? If it is a PPTP client, then it will use proto gre and tcp 1723 (pptp). If it is an IPSec client, then it will use proto esp and udp 500 (isakmp). These are the more likely scenarios.

With your rules, you say those are borrowed...does that mean you are using those rules...or plan to? Because the first thing I would suggest when trouble-shooting pf is to simplify your ruleset at first, and make sure the desired results hold. Then, add complexity; like queues, flags, etc...

Since you are planning on passing out all tcp traffic anyway, then (as a test, and remaining basic) pass out all udp, esp, and gre traffic as well. That will at least allow you to connect using this security client software you have, and then you can use tcpdump to figure out what ports/protocols, etc...it uses.

Also, one thing to bear in mind: If the security client software you have is an IPSec VPN client...then you may encounter issues using that client behind a NAT device (which many firewalls end up doing). If the above suggestions do not help, this may be your issue.
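
An added example, not part of the original thread: once the ruleset has been loosened for testing as the reply suggests, this Python sketch reads `tcpdump -n` style lines and reports which VPN type the client appears to use and which of its protocol legs never showed up. The sample lines, addresses and function names are constructed for illustration, and ports are matched without checking whether the packet was TCP or UDP.

```python
import re

# Protocol legs per VPN type, as named in the reply above.
SIGNATURES = {
    "PPTP": {"tcp/1723", "gre"},
    "IPsec": {"udp/500", "esp"},
}

# "a.b.c.d.port > a.b.c.d.port:" as tcpdump -n prints TCP and UDP packets.
PORTS = re.compile(r"\d+\.\d+\.\d+\.\d+\.(\d+) > \d+\.\d+\.\d+\.\d+\.(\d+):")
# ESP and GRE have no ports; tcpdump names the protocol in the line instead.
PORTLESS = re.compile(r"\b(esp|gre)", re.IGNORECASE)

# Constructed sample in the style of tcpdump -n output; real output varies by version.
SAMPLE = [
    "10:00:01.100 192.168.1.10.1045 > 203.0.113.9.1723: S 1:1(0) win 16384",
    "10:00:01.200 203.0.113.9.1723 > 192.168.1.10.1045: S 9:9(0) ack 2 win 16384",
    "10:00:02.000 192.168.1.10.1046 > 203.0.113.9.80: S 5:5(0) win 16384",
]


def legs_seen(lines):
    """Return the set of VPN protocol legs (e.g. 'tcp/1723', 'esp') in the capture."""
    seen = set()
    for line in lines:
        m = PORTS.search(line)
        if m:
            ports = {m.group(1), m.group(2)}
            # Assumption: port 1723 means PPTP control, port 500 means ISAKMP.
            if "1723" in ports:
                seen.add("tcp/1723")
            if "500" in ports:
                seen.add("udp/500")
            continue
        m = PORTLESS.search(line)
        if m:
            seen.add(m.group(1).lower())
    return seen


def diagnose(lines):
    """Map each VPN type with traffic to (legs seen, legs missing)."""
    seen = legs_seen(lines)
    return {vpn: (sorted(legs & seen), sorted(legs - seen))
            for vpn, legs in SIGNATURES.items() if legs & seen}


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A VPN type reported with a non-empty "missing" list points at the protocol the ruleset still has to pass, for example GRE when only TCP is allowed out.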
 