PF & Citrix ICA
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: PF & Citrix ICA
- From: TheSG <thesg_(_at_)_cox_(_dot_)_net>
- Date: Mon, 04 Jul 2005 11:58:22 -0400
I have been struggling with this issue for a few days now. I have a
Citrix server (customer site) that I cannot connect to through my
OpenBSD 3.7 pf firewall. I am able to reach this Citrix server if I go
direct (no firewall). I know the Citrix server is open to everyone on
the Internet. However, something is happening when my Windows client
passes through the OpenBSD pf firewall - I do not receive any packets
back from the Citrix server. I have tcpdump running on the outside and
inside of the firewall and I see the match rules that allow out from the
Inside interface then out the outside interface but I never see any
traffic back from the Citrix server.

My rules are simple. I have actually done a pass in log all keep state &
pass out log all keep state in my rules with nothing else (no block or
pass) and it still fails. I see the traffic go through the pf box but
never see anything from the Citrix server.

I do know this Citrix server is being firewalled by a Check Point NG
firewall. I do not believe they are running any IDS or anything else
that would block my connection attempts.

Has anyone got this to work? If so, what does the rule(s) look like?