Date: Sat, 13 Sep 2008 09:56:16 GMT
From: Andrey Golenischev <work@megasid.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/127345: Problem with PF on FreeBSD7.0
Message-ID: <200809130956.m8D9uGuZ058445@www.freebsd.org>
Resent-Message-ID: <200809131000.m8DA04iv009561@freefall.freebsd.org>

>Number: 127345
>Category: kern
>Synopsis: Problem with PF on FreeBSD7.0
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Sep 13 10:00:03 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Andrey Golenischev
>Release: 7.0-p4
>Organization:
Infocom
>Environment:
FreeBSD testbox 7.0-RELEASE-p4 FreeBSD 7.0-RELEASE-p4 #0: Fri Sep 5 14:51:15 EEST 2008 megasid@testbox:/usr/src/sys/i386/compile/TESTBOX i386
>Description:
I upgraded this release from 6.2 (just bought a new HDD and installed 7.0, upgraded via freebsd-update and copied all configs). 7.0 is working pretty good, but I get a strange problem with PF. Look at these rules:

table <propusk> { 10.0.0.1, 10.0.1.1 }
block out on vlan0 from any to any
block out on vlan1 from any to any
block out on vlan2 from any to any
pass out on vlan0 from <propusk> to any
pass out on vlan1 from <propusk> to any
pass out on vlan2 from <propusk> to any

On FreeBSD 6.2 this scheme was working pretty good. Packets from 10.0.0.1 passed to these VLANs without any problems. When I installed 7.0, some clients started to call me and say that they are pinging 10.0.0.1 and 10.0.1.1 from their PCs but cannot connect by pptp to these hosts. I spent a lot of time monitoring all my routers and switches for any access lists and so on. But I do not think that something changed in the PF algorithm. When I comment out these "block" lines in PF, clients can connect to pptp and all is good.

Did something change in PF, and if this is not a bug, how should I change the syntax of these rules? If this is a bug, write my name somewhere on the FreeBSD board like "This man catch a bug in PF" :)
>How-To-Repeat:
Just make a scheme like I describe above.
>Fix:
Hmm.. temporarily I started using ipfw for this scheme.
>Release-Note:
>Audit-Trail:
>Unformatted: