I have a set-top box; it talks HTTP and multicast. When it powers up, it grabs its firmware via a BOOTP request to the ISP.
I have created a gif tunnel from my house to my friend's house down the street.
Basically I take the Ethernet from the STB and get it to my switch on its own cable; the switch assigns it to VLAN 420, and 420 then ends up going to my pfSense router via a trunk port (other VLANs on it for LAN, WAN1, WAN2, WAN3), where it is supposed to travel over the gif interface to my friend's gif interface (also on pfSense), where it goes through the same process to end up spitting out on his dedicated VLAN where magic happens.
The issue is that when I activate the gif tunnel, I can see my traffic going to him. My traffic ends up on his network, equipment on his network replies to the traffic (the BOOTP request, for example), it travels out his gif interface and back over the wire to my house, where I can see it if I tcpdump the VLAN of the wire for that connection, but I do not see that traffic come in on my gif interface, or on VLAN 420 to be sent to the set-top box.
As far as my set top box is concerned, there's nobody out there to talk to it.
I have a pass-all rule for both source friend's IP and destination friend's IP on the WAN2 VLAN. I had it floating before, but I changed it to that.
If I watch pflog0 with host my.friends.source.ip, I do not see any entries. If I watch the whole log, I see some traffic, but none of it applies to the gif interface, in or out.
If I watch gif0, I can see my STB send out BOOTP requests.
If I watch the WAN2 VLAN, I can see encapsulated traffic going from me to him, then from him back to me, where my box does nothing about it and it never shows up on the wire.
I have changed the two settings for bridge/interface filtering in the sysctls. They are set to net.link.bridge.pfil_member=0 and net.link.bridge.pfil_bridge=1.
I know I can't ping the tunnel endpoints; that's a bug. But clients should still be able to talk, right?
I do not understand what is wrong. Please help.
I've tried turning PF off, and seeing if the traffic passes, but it doesn't seem to.
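A small triage script, added here as an example and not part of the original post or of pfSense, that takes tcpdump lines tagged with the interface they were captured on and reports the first hop on the return path where the BOOTP reply stops being seen. The capture lines, addresses and the interface names wan2, gif0 and vlan420 are constructed assumptions modelled on the setup described above.

```python
import re

# Constructed sample (not from the post): each line is a `tcpdump -n` record
# prefixed with the capturing interface. The request leaves on gif0, crosses
# the WAN2 VLAN encapsulated (IP proto 4), and the reply comes back encapsulated
# on wan2 but is never seen decapsulated on gif0 or vlan420.
SAMPLE_CAPTURE = """\
gif0 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:11:22:33:44:55, length 300
wan2 IP 203.0.113.10 > 198.51.100.20: IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:11:22:33:44:55, length 300 (ipip-proto-4)
wan2 IP 198.51.100.20 > 203.0.113.10: IP 10.0.0.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300 (ipip-proto-4)
"""

BOOTP_RE = re.compile(r"BOOTP/DHCP, (Request|Reply)")
ENCAP_RE = re.compile(r"\(ipip-proto-4\)")

# Assumed order the reply must traverse back to the STB: WAN2 VLAN -> gif0 -> VLAN 420.
RETURN_PATH = ("wan2", "gif0", "vlan420")


def index_capture(text):
    """Map (message kind, encapsulated?) -> set of interfaces that saw it."""
    seen = {}
    for line in text.splitlines():
        iface, _, record = line.partition(" ")
        m = BOOTP_RE.search(record)
        if not m:
            continue  # not a BOOTP record
        encapsulated = bool(ENCAP_RE.search(record))
        seen.setdefault((m.group(1), encapsulated), set()).add(iface)
    return seen


def first_missing_hop(seen, kind="Reply", path=RETURN_PATH):
    """First interface along `path` that never saw `kind` (in either
    encapsulation state), or None if every hop saw it."""
    saw = seen.get((kind, True), set()) | seen.get((kind, False), set())
    for iface in path:
        if iface not in saw:
            return iface
    return None


if __name__ == "__main__":
    idx = index_capture(SAMPLE_CAPTURE)
    # Reply is on the wire (wan2) but gone at gif0: look at the tunnel, not the STB VLAN.
    print("reply lost before:", first_missing_hop(idx))
```

Run the real captures through it by prefixing each tcpdump line with its interface name; if the reply is missing at gif0 while present on wan2, the problem is at decapsulation or filtering on the tunnel rather than on the VLAN 420 side.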