Martti Kuparinen wrote:
I think it is, because other-host I was ssh'ing to is in the same server
room (on a different subnet) so the traffic never leaves our house...
Me -----> vlan2000 fw wm0 ---> internet
          vlan1128
             |
             |
             v
          other-host
All our vlanXXXX interfaces are on top of wm1.
In fact this happens also when I ssh from our server (.2) to the fw (.1), which is on the same subnet, so something is wrong in our firewall (IPF or something else). The rules in this case are:
# Inbound traffic addressed to the firewall itself is handled by group 104
block in from any to xxx.xxx.xxx.1 head 104
  # PING
  pass in on vlan2000 quick proto icmp from any to any icmp-type echo group 104
  # Incoming SSH
  pass in quick proto tcp from xxx.xxx.xxx.2 to any port = 22 \
       flags S keep state keep frags group 104
  # Block everything else without any error message
  block in log quick all group 104

# Outbound traffic originated by the firewall itself is handled by group 105
block out from xxx.xxx.xxx.1 to any head 105
  # PING
  pass out on vlan2000 quick proto icmp from any to any \
       icmp-type echorep group 105
  # Allow everything else
  pass out quick proto tcp from any to any \
       flags S keep state keep frags group 105
  pass out quick proto udp from any to any \
       keep state keep frags group 105
  pass out quick proto icmp from any to any \
       icmp-type echo keep state group 105
Martti
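An added example to trace the ruleset above offline; it is not part of Martti's post or of IPFilter itself. It is a small Python model of how ipf walks rules (last-match at the top level, `quick` ending evaluation, `head`/`group` delegation with the head rule's action as the group default, and `keep state` admitting the rest of a flow) with the nine posted rules transcribed into it. The addresses 203.0.113.1/.2 stand in for xxx.xxx.xxx.1/.2, and the state-tracking and `flags S` semantics are deliberately simplified, as the docstring states.

```python
"""Simplified simulator of IPFilter (ipf) rule evaluation, used to trace the
ruleset posted above.  Modelled: top-level rules use last-match, 'quick' ends
evaluation, a matching 'head N' rule hands the packet to group N and supplies
the default action if nothing in that group matches, and 'keep state' lets an
established flow bypass the rules.  Assumptions (not exact ipf behaviour):
state is keyed on the 5-tuple only and 'flags S' means SYN set, ACK clear."""
from dataclasses import dataclass
from typing import Optional

FW = "203.0.113.1"   # stands in for xxx.xxx.xxx.1 (constructed address)
SRV = "203.0.113.2"  # stands in for xxx.xxx.xxx.2 (constructed address)

@dataclass
class Rule:
    action: str                   # "pass" or "block"
    direction: str                # "in" or "out"
    quick: bool = False
    iface: Optional[str] = None   # "on <iface>"
    proto: Optional[str] = None
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None   # "port = N"
    flags: Optional[str] = None   # only "S" is modelled
    icmp_type: Optional[str] = None
    keep_state: bool = False
    head: Optional[int] = None    # "head N"
    group: int = 0                # "group N"; 0 is the top level

@dataclass
class Packet:
    direction: str
    iface: str
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""        # TCP flag letters, e.g. "S" or "SA"
    icmp_type: str = ""

def matches(r: Rule, p: Packet) -> bool:
    """Does rule r match packet p?  Unset rule fields match anything."""
    syn_only = "S" in p.flags and "A" not in p.flags
    return (r.direction == p.direction and r.iface in (None, p.iface)
            and r.proto in (None, p.proto) and r.src in ("any", p.src)
            and r.dst in ("any", p.dst) and r.dport in (None, p.dport)
            and (r.flags != "S" or syn_only)
            and r.icmp_type in (None, p.icmp_type))

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # 5-tuples of flows admitted by "keep state"

    def _evaluate(self, p, group):
        """Return (rule, final): the last matching rule in `group`; final is
        True when a 'quick' match ended evaluation."""
        last = None
        for r in self.rules:
            if r.group != group or not matches(r, p):
                continue
            if r.head is not None:
                sub, final = self._evaluate(p, r.head)
                last = r if sub is None else sub   # no group match: head's action
                if final or r.quick:
                    return last, True
            else:
                last = r
                if r.quick:
                    return last, True
        return last, False

    def filter(self, p):
        """Return 'pass' or 'block'.  With no matching rule a stock ipf passes."""
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key in self.state:
            return "pass"
        rule, _ = self._evaluate(p, 0)
        if rule is None:
            return "pass"
        if rule.action == "pass" and rule.keep_state:
            self.state.add(key)
            self.state.add((p.proto, p.dst, p.dport, p.src, p.sport))  # reply path
        return rule.action

# The posted ruleset, transcribed rule for rule.
RULES = [
    Rule("block", "in", dst=FW, head=104),
    Rule("pass", "in", quick=True, iface="vlan2000", proto="icmp", icmp_type="echo", group=104),
    Rule("pass", "in", quick=True, proto="tcp", src=SRV, dport=22, flags="S", keep_state=True, group=104),
    Rule("block", "in", quick=True, group=104),
    Rule("block", "out", src=FW, head=105),
    Rule("pass", "out", quick=True, iface="vlan2000", proto="icmp", icmp_type="echorep", group=105),
    Rule("pass", "out", quick=True, proto="tcp", flags="S", keep_state=True, group=105),
    Rule("pass", "out", quick=True, proto="udp", keep_state=True, group=105),
    Rule("pass", "out", quick=True, proto="icmp", icmp_type="echo", keep_state=True, group=105),
]

if __name__ == "__main__":
    fw = Firewall(RULES)
    print("SSH SYN .2 -> .1:", fw.filter(Packet("in", "vlan1128", "tcp", SRV, FW, 40000, 22, "S")))
    print("SYN-ACK back    :", fw.filter(Packet("out", "vlan1128", "tcp", FW, SRV, 22, 40000, "SA")))
```

The useful observation the trace makes is that the SYN-ACK leaving the firewall matches nothing in group 105 (its flags are SA, not S), so it falls back to the `block out ... head 105` action and is only passed because the inbound SSH rule created state. If state is not being created or not being matched on the reply path (for example because the state entry is bound to a different interface than the one the reply leaves on), the handshake stalls exactly as described.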