From owner-freebsd-pf@FreeBSD.ORG Sun Jan 11 16:04:51 2009
Date: Sun, 11 Jan 2009 16:04:50 GMT
Message-Id: <200901111604.n0BG4ol6083939@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: conf/130381: [ip6] ipv6 not fully configured when pf startup script is run

Old Synopsis: ipv6 not fully configured when pf startup script is run
New Synopsis: [ip6] ipv6 not fully configured when pf startup script is run

Responsible-Changed-From-To: freebsd-bugs->freebsd-pf
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun Jan 11 16:04:17 UTC 2009
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=130381

From owner-freebsd-pf@FreeBSD.ORG Sun Jan 11 19:00:18 2009
Date: Sun, 11 Jan 2009 19:00:18 GMT
Message-Id: <200901111900.n0BJ0I1v013860@freefall.freebsd.org>
To: freebsd-pf@FreeBSD.org
From: "Bjoern A. Zeeb"
Reply-To: "Bjoern A. Zeeb"
Subject: Re: conf/130381: [ip6] ipv6 not fully configured when pf startup script is run

The following reply was made to PR conf/130381; it has been noted by GNATS.

From: "Bjoern A. Zeeb"
To: bug-followup@FreeBSD.org, sdalu@sdalu.com
Cc: Gert Doering
Subject: Re: conf/130381: [ip6] ipv6 not fully configured when pf startup script is run
Date: Sun, 11 Jan 2009 18:47:45 +0000 (UTC)

Gert Doering had complained about this back in November on freebsd-rc:

http://docs.freebsd.org/cgi/mid.cgi?20081106125643.GG8535

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.

From owner-freebsd-pf@FreeBSD.ORG Mon Jan 12 11:06:57 2009
Date: Mon, 12 Jan 2009 11:06:56 GMT
Message-Id: <200901121106.n0CB6uGF092074@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o conf/130381  pf     [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf     [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/129060  pf     [pf] [tun] pf doesn't forget the old tun IP
o kern/127920  pf     [pf] ipv6 and synproxy don't play well together
o conf/127814  pf     [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o conf/127511  pf     [patch] /usr/sbin/authpf: add authpf folders to BSD.ro
o kern/127439  pf     [pf] deadlock in pf
o kern/127345  pf     [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf     [pf] [patch] pf incorrect log priority
o kern/127042  pf     [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf     [pf] pf keep state bug while handling sessions between
s kern/124933  pf     [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf     [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf     [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf     [pf] [panic] FreeBSD 6.2 panic in pf
o kern/121704  pf     [pf] PF mangles loopback packets
o kern/120281  pf     [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf     [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf     [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf     [pf] LOR pf_ioctl.c + if.c
o kern/114095  pf     [carp] carp+pf delay with high state limit
o kern/111220  pf     [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf     [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/93825   pf     [pf] pf reply-to doesn't work
o sparc/93530  pf     [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf     [pf] PF + ALTQ problems with latency
o kern/82271   pf     [pf] cbq scheduler cause bad latency

27 problems total.

From owner-freebsd-pf@FreeBSD.ORG Tue Jan 13 01:37:11 2009
Date: Tue, 13 Jan 2009 02:14:50 +0100
From: Mitar
To: freebsd-pf@freebsd.org
Subject: rdr pass rule

Hi!

I have a system where my daemon is running on a public IP on a high
port (so that it does not need root privileges, and it is bound to a
public IP as it runs in a jail) and I would like to translate it to a
lower port. I would like that just this lower port is publicly
accessible. This can be done with:

    rdr pass on $int_untrust proto tcp from any to $addr_svc port $svc_ext -> $addr_svc port $svc_int

This makes only $svc_ext port accessible as $svc_int port is closed
(not opened) for traffic.

But I would like to assign this traffic to a queue and thus I cannot
use pass option. I wanted to create a rdr rule without pass option and
a separate pass rule later on. But the problem is that, as far as I
understand, pass rules are applied after rdr, so I can set them only
on an internal port (to which I am translating public port). But then
the question is how can I open this internal port so that it is not
opened to a public, only to a traffic coming through a rdr rule?

Is there a general way how one can transcribe rdr pass option to a
pass rule which would behave in the same way as rdr pass?

Mitar

From owner-freebsd-pf@FreeBSD.ORG Tue Jan 13 14:51:06 2009
From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Tue, 13 Jan 2009 15:51:02 +0100
Message-Id: <200901131551.03193.max@love2party.net>
Subject: Re: rdr pass rule

On Tuesday 13 January 2009 02:14:50 Mitar wrote:
> Hi!
>
> I have a system where my daemon is running on a public IP on a high
> port (so that it does not need root privileges, and it is bound to a
> public IP as it runs in a jail) and I would like to translate it to a
> lower port. I would like that just this lower port is publicly
> accessible. This can be done with:
>
> rdr pass on $int_untrust proto tcp from any to $addr_svc port $svc_ext
> -> $addr_svc port $svc_int
>
> This makes only $svc_ext port accessible as $svc_int port is closed
> (not opened) for traffic.
>
> But I would like to assign this traffic to a queue and thus I cannot
> use pass option. I wanted to create a rdr rule without pass option and
> a separate pass rule later on. But the problem is that, as far as I
> understand, pass rules are applied after rdr, so I can set them only
> on an internal port (to which I am translating public port). But then
> the question is how can I open this internal port so that it is not
> opened to a public, only to a traffic coming through a rdr rule?
>
> Is there a general way how one can transcribe rdr pass option to a
> pass rule which would behave in the same way as rdr pass?

The simplest way off the top of my head: Use a "rdr ... tag"-rule and
"pass ... tagged" later on.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Tue Jan 13 19:07:26 2009
Message-ID: <496CDAA6.1000600@samaradom.ru>
Date: Tue, 13 Jan 2009 22:17:10 +0400
From: Yuriy Grishin
To: freebsd-pf@freebsd.org
Subject: ALTQ cbq : borrowing when no tfaffic with higher priority
Reply-To: uzgrishin@mail.ru

Hello,

I have a gate with some traffic comes directly from it (wget, rtorrent).
And I have two computers behind the gate with NAT.
My target is to allow to borrow full bandwidth for traffic that comes
directly from the gate BUT throttle this traffic to minimum rate when
the computers behind the gate are active.

I wrote the rule set :
-------------------------------
...
##--queues
## real bandwidth 1Mb symmetrical channel
## use altq at 97%
altq on $ext_if cbq bandwidth 970Kb queue { qme, qmywife, qgateway, qack }
queue qme bandwidth 50% priority 3 cbq ( borrow )
queue qmywife bandwidth 30% priority 2 cbq ( borrow )
queue qgateway bandwidth 1% priority 0 cbq ( default borrow )
queue qack bandwidth 19% priority 5 cbq ( borrow )

##--nat & rdr
nat on $ext_if from $int_if:network to any -> $ext_if

##--rules
block all

pass in on $int_if from $me to any queue (qme, qack)
pass in on $int_if from $mywife to any queue (qmywife, qack)
....
pass out on $ext_if from $ext_if to any
...
-------------------------------

In fact it allows to use ~30% of the link throughput for my wife and 50%
for me while the gateway is downloading. It seems that it guarantees
bandwidth parameter values only. I don't understand the duty of priority
parameter then!
How to make the gate get off the link while other computers are
downloading?

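For the "rdr pass rule" thread above: a pf.conf sketch of the "rdr ... tag" / "pass ... tagged" approach from Max Laier's reply, added here as an example and not taken from any message on the list. The interface, address, port numbers, the tag name SVC_RDR and the queue names are constructed assumptions; the macro names are the ones used in the question.

```pf
# --- macros (constructed sample values, not from the thread) ---
int_untrust = "em0"          # public-facing interface
addr_svc    = "192.0.2.10"   # jail address the daemon is bound to
svc_ext     = "80"           # port that should be publicly reachable
svc_int     = "8080"         # unprivileged port the daemon listens on

# --- queueing (q_std and q_svc are hypothetical queue names) ---
# ALTQ shapes packets leaving $int_untrust; a queue set on the inbound
# pass rule is stored in the state and applied to the replies going out.
altq on $int_untrust cbq bandwidth 10Mb queue { q_std, q_svc }
queue q_std bandwidth 70% cbq(default borrow)
queue q_svc bandwidth 30% cbq(borrow)

# --- translation ---
# No "pass" keyword here, so the redirected packet still has to match a
# filter rule. The tag records that it arrived on $svc_ext.
rdr on $int_untrust proto tcp from any to $addr_svc port $svc_ext \
    tag SVC_RDR -> $addr_svc port $svc_int

# --- filtering ---
# Filter rules see the translated destination port ($svc_int).
block in on $int_untrust all

# Only packets carrying the tag set by the rdr rule are admitted. A
# connection made directly to $svc_int was never redirected, has no
# tag, and falls through to the block rule above.
pass in on $int_untrust proto tcp from any to $addr_svc port $svc_int \
    tagged SVC_RDR keep state queue q_svc

pass out on $int_untrust keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it. Once loaded, `pfctl -vsr` shows per-rule counters, so a direct connection attempt to $svc_int should count against the block rule and not the tagged pass rule.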
From owner-freebsd-pf@FreeBSD.ORG Tue Jan 13 22:24:26 2009
From: Mitja
To: freebsd-pf@freebsd.org
Date: Tue, 13 Jan 2009 16:03:26 -0600
Message-Id: <200901131603.26659.lumiwa@gmail.com>
Subject: pflog

Hi!

When I check my system with "vmstat" I got:

vmstat
 procs      memory      page                    disks     faults      cpu
 r b w     avm    fre   flt  re  pi  po    fr  sr ad0 da0   in   sy   cs us sy id
 0 1 0    425M   434M    62   0   0   0    68   0   0   0  111  838  861  1  1 ********

In the procs section I have all the time b:1
When I check my settings I found that happened after pflog_enable="YES" in
rc.conf.
I read man pflog but I don't know how to save this "problem".
I have FreeBSD 7.1 but the same was on FreeBSD 7.0 too.

Thanks in advance...

From owner-freebsd-pf@FreeBSD.ORG Wed Jan 14 08:39:46 2009
Date: Wed, 14 Jan 2009 09:08:43 +0100
From: "Peter Wullinger"
To: Mitja
In-Reply-To: <200901131603.26659.lumiwa@gmail.com>
References: <200901131603.26659.lumiwa@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: pflog
Reply-To: peter.wullinger@googlemail.com

Hello,

2009/1/13 Mitja

> Hi!
>
> When I check my system with "vmstat" I got:
>
> vmstat
>  procs      memory      page                    disks     faults
> cpu
>  r b w     avm    fre   flt  re  pi  po    fr  sr ad0 da0   in   sy   cs us
> sy
> id
>  0 1 0    425M   434M    62   0   0   0    68   0   0   0  111  838  861  1
> 1
> *******
> In the procs section I have all the time b:1
>

I cannot confirm without further information, but the single process
blocked/busy here seems to be the "pflogd" daemon waiting for incoming
packets on the pflog0 interface.

If you read the man page for pflogd(8), where exactly is the "problem"?

Regards,
Peter

From owner-freebsd-pf@FreeBSD.ORG Wed Jan 14 22:26:28 2009
Date: Wed, 14 Jan 2009 22:26:28 GMT
Message-Id: <200901142226.n0EMQSn1095312@freefall.freebsd.org>
To: vwe@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org
From: vwe@FreeBSD.org
Subject: Re: kern/103281: pfsync reports bulk update failures

Synopsis: pfsync reports bulk update failures

Responsible-Changed-From-To: freebsd-bugs->freebsd-pf
Responsible-Changed-By: vwe
Responsible-Changed-When: Wed Jan 14 22:26:18 UTC 2009
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=103281

From owner-freebsd-pf@FreeBSD.ORG Wed Jan 14 22:26:53 2009
Date: Wed, 14 Jan 2009 22:26:52 GMT
Message-Id: <200901142226.n0EMQqXo095359@freefall.freebsd.org>
To: vwe@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org
From: vwe@FreeBSD.org
Subject: Re: kern/103283: pfsync fails to sucessfully transfer some sessions

Synopsis: pfsync fails to sucessfully transfer some sessions

Responsible-Changed-From-To: freebsd-bugs->freebsd-pf
Responsible-Changed-By: vwe
Responsible-Changed-When: Wed Jan 14 22:26:42 UTC 2009
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=103283

From owner-freebsd-pf@FreeBSD.ORG Sat Jan 17 04:55:46 2009
Date: Fri, 16 Jan 2009 20:55:45 -0800 (PST)
From: Tommy Pham
To: freebsd-pf@freebsd.org
Message-ID: <886151.51833.qm@web38201.mail.mud.yahoo.com>
Subject: Re: [OT?] help w/ ip route to (cancel)

----- Original Message ----
From: Tommy Pham
To: freebsd-pf@freebsd.org
Sent: Friday, January 16, 2009 8:39:36 PM
Subject: [OT?] help w/ ip route to

Hi,

I have this simple setup.
< internet >  ---- < FreeBSD w/ pf > ---- < LAN >
The wan is 10.1.1.32/29 and LAN is 10.10.10.0/24.

Using PF, Is it possible to route an internal IP say 10.10.10.21
so that all outbound traffic from it appear to be from 10.1.1.36 on
the WAN?  Or do I need to change the routing FreeBSD?

Thanks,
Tommy


nvm... I forgot about 1:1 mapping :D
Thanks!!

From owner-freebsd-pf@FreeBSD.ORG Sat Jan 17 05:06:18 2009
Date: Fri, 16 Jan 2009 20:39:36 -0800 (PST)
From: Tommy Pham
To: freebsd-pf@freebsd.org
Message-ID: <151994.18927.qm@web38203.mail.mud.yahoo.com>
Subject: [OT?] help w/ ip route to

Hi,

I have this simple setup.
< internet >  ---- < FreeBSD w/ pf > ---- < LAN >
The wan is 10.1.1.32/29 and LAN is 10.10.10.0/24.

Using PF, Is it possible to route an internal IP say 10.10.10.21
so that all outbound traffic from it appear to be from 10.1.1.36 on
the WAN?  Or do I need to change the routing FreeBSD?

Thanks,
Tommy

From owner-freebsd-pf@FreeBSD.ORG Sat Jan 17 18:18:33 2009
Message-ID: <7731938b0901171018j78895dacx8cb1af2dd3a54122@mail.gmail.com>
Date: Sat, 17 Jan 2009 18:18:31 +0000
From: "Peter Maxwell"
Sender: allicient3141@googlemail.com
To: freebsd-pf@freebsd.org
In-Reply-To: <886151.51833.qm@web38201.mail.mud.yahoo.com>
References: <886151.51833.qm@web38201.mail.mud.yahoo.com>
Subject: Re: [OT?] help w/ ip route to (cancel)

Tommy,

As I think you've discovered, you're probably after a NAT solution
here rather than source/policy based routing.

Best wishes,

Peter


2009/1/17 Tommy Pham:
> ----- Original Message ----
> From: Tommy Pham
> To: freebsd-pf@freebsd.org
> Sent: Friday, January 16, 2009 8:39:36 PM
> Subject: [OT?] help w/ ip route to
>
> Hi,
>
> I have this simple setup.
> < internet >  ---- < FreeBSD w/ pf > ---- < LAN >
> The wan is 10.1.1.32/29 and LAN is 10.10.10.0/24.
>
> Using PF, Is it possible to route an internal IP say 10.10.10.21
> so that all outbound traffic from it appear to be from 10.1.1.36 on
> the WAN?  Or do I need to change the routing FreeBSD?
>
> Thanks,
> Tommy
>
>
> nvm... I forgot about 1:1 mapping :D
> Thanks!!