Date: Tue, 13 Jun 2006 19:13:48 +0200
From: Ludovit Koren <lk@tempest.sk>
To: kian.mohageri@gmail.com
Cc: freebsd-pf@freebsd.org
Subject: Re: FreeBSD 6.1-RELEASE + PF
Message-ID: <20060613.191348.78700760.lk@tempest.sk>
In-Reply-To: <fee88ee40606121239y422edb93rdb97c30b48dbeb47@mail.gmail.com>

>>>>> On Mon, 12 Jun 2006 12:39:16 -0700
>>>>> kian.mohageri@gmail.com(Kian Mohageri) said:

> Perhaps your application needs specific IP options.  PF blocks packets with
> IP options set by default.
>
> Append 'allow-opts' to the relevant rules.
>
> -Kian
>

Thanks. That was it.

lk

> On 6/12/06, Ludovit Koren <lk@tempest.sk> wrote:
> >
> > Hi,
> >
> > I have a problem setting up PIM and IGMP communication with pf on FreeBSD
> > 6.1-RELEASE.
> >
> > # pfctl -s state
> > self igmp 195.28.109.40 -> 224.0.0.2       SINGLE:NO_TRAFFIC
> > self igmp 195.28.109.40 -> 224.0.0.13       SINGLE:NO_TRAFFIC
> > self igmp 224.0.0.1 <- 195.28.109.25       NO_TRAFFIC:SINGLE
> > self igmp 224.0.0.2 <- 195.28.109.40       NO_TRAFFIC:SINGLE
> > self igmp 224.0.0.13 <- 195.28.109.40       NO_TRAFFIC:SINGLE
> > self tcp 195.28.109.40:22 -> 195.28.109.37:58349
> > ESTABLISHED:ESTABLISHED
> > self udp 255.255.255.255:8225 <- 195.28.109.29:1025
> > NO_TRAFFIC:SINGLE
> > self pim 195.28.109.40 -> 224.0.0.13       SINGLE:NO_TRAFFIC
> > self pim 224.0.0.13 <- 195.28.109.25       NO_TRAFFIC:SINGLE
> > self pim 224.0.0.13 <- 195.28.109.40       NO_TRAFFIC:SINGLE
> > self pfsync 195.28.109.40 -> 0.0.0.0       SINGLE:NO_TRAFFIC
> >
> >
> > xorp immediately starts to give the following message:
> > [ 2006/06/09 17:13:24 WARNING xorp_fea XrlMfeaTarget ] Handling method for
> > mfea/0.1/send_protocol_message4 failed: XrlCmdError 102 Command failed
> > Cannot send PIMSM_4 protocol message from 195.28.109.40 to 224.0.0.13 on
> > vif em0: sendmsg(proto 103 size 34 from 195.28.109.40 to 224.0.0.13 on vif
> > em0) failed: Operation not permitted
> > [ 2006/06/09 17:13:24  ERROR xorp_pimsm4:18051 PIM +2623 xrl_pim_node.cc
> > mfea_client_send_protocol_message_cb ] Cannot send a protocol message: 102
> > Command failed Cannot send PIMSM_4 protocol message from 195.28.109.40 to
> > 224.0.0.13 on vif em0: sendmsg(proto 103 size 34 from 195.28.109.40 to
> > 224.0.0.13 on vif em0) failed: Operation not permitted
> >
> > # pfctl -s rules
> > scrub in all fragment reassemble
> > block drop in log all
> > pass in on xl0 inet from <quadia> to 195.28.126.13 keep state
> > pass out on xl0 inet from 195.28.126.13 to <quadia> keep state queue dflt
> > pass out on xl0 inet from 195.28.126.13 to any keep state queue dflt
> > pass out on em0 inet all keep state queue dfltem
> > pass out on em1 inet all keep state queue dfltem1
> > pass in proto tcp from any to any port = ssh keep state
> > pass in on em0 inet proto udp from 195.28.109.0/24 to 195.28.109.40 port =
> > 5060 keep state
> > pass in on em0 inet proto udp from 195.28.109.0/24 port = 8000 to
> > 195.28.109.40 keep state
> > pass in on em0 inet proto udp from 195.28.109.0/24 port = 8001 to
> > 195.28.109.40 keep state
> > pass in on em0 inet proto tcp from 195.28.109.36 to 195.28.109.40 port =
> > nut keep state
> > pass in on em0 inet proto tcp from 195.28.109.37 to 195.28.109.40 port =
> > http keep state
> > pass in on em0 inet proto tcp from 195.28.109.37 to 195.28.109.40 port =
> > 4445 keep state
> > pass in on em0 inet proto tcp from 195.28.109.88 to 195.28.109.40 port =
> > http keep state
> > pass in on em0 inet proto tcp from 195.28.109.88 to 195.28.109.40 port =
> > 4445 keep state
> > pass in on em0 inet proto udp from 195.28.109.0/24 to 195.28.109.40 port
> > 9999:20001 keep state
> > pass in on em0 inet proto udp from 195.28.109.0/24 to 195.28.109.40 port =
> > domain keep state
> > pass in on em0 inet proto udp from 195.28.109.0/24 to 195.28.109.40 port =
> > 4520 keep state
> > pass in on em0 inet proto udp from 195.28.109.0/24 to 195.28.109.40 port =
> > 4569 keep state
> > pass in on em0 all keep state
> > pass in on em1 all keep state
> >
> > When I disable the firewall, xorp runs as expected. It does not matter
> > if I add a specific rule for PIM and IGMP or a general one, i.e. let all
> > traffic go through.
> >
> > Is it a bug in pf or am I doing something wrong? Any help appreciated.
> >
> > Regards,
> >
> > lk
> > _______________________________________________
> > freebsd-pf@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
> >
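
Added example, not part of the original thread: a small Python parser that shows what "IP options" means at the packet level and why a plain `pass ... keep state` rule was not enough. IGMPv2 messages carry the IPv4 Router Alert option (RFC 2236, RFC 2113), which makes the header longer than 20 bytes; pf drops such packets unless the matching pass rule has `allow-opts`. The sample packets are constructed, reusing addresses from the state table in the thread, and the function names are this example's own.

```python
import struct

# IPv4 option numbers (RFC 791, RFC 2113); only the ones this example names.
OPTION_NAMES = {0: "End of Option List", 1: "No Operation", 148: "Router Alert"}

def has_ip_options(packet: bytes) -> bool:
    """True when IHL > 5, i.e. the IPv4 header carries options."""
    return (packet[0] & 0x0F) > 5

def ipv4_options(packet: bytes):
    """Return [(type, name, data)] for the options in an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4      # IHL counts 32-bit words
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad IHL")
    opts, i = [], 20
    while i < header_len:
        kind = packet[i]
        if kind == 0:                        # End of Option List: rest is padding
            break
        if kind == 1:                        # No Operation: single byte
            opts.append((kind, OPTION_NAMES[kind], b""))
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("truncated option")
        length = packet[i + 1]               # covers type, length and data
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        opts.append((kind, OPTION_NAMES.get(kind, "unknown"),
                     packet[i + 2:i + length]))
        i += length
    return opts

def build_header(proto: int, src: str, dst: str, options: bytes = b"") -> bytes:
    """Constructed sample header; checksum left at 0, not needed for parsing."""
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                        1, proto, 0, bytes(map(int, src.split("."))),
                        bytes(map(int, dst.split("."))))
    return fixed + options

# Constructed samples: IGMP (proto 2) with Router Alert, and plain TCP (proto 6).
IGMP_WITH_RA = build_header(2, "195.28.109.40", "224.0.0.2", b"\x94\x04\x00\x00")
PLAIN_TCP = build_header(6, "195.28.109.37", "195.28.109.40")

if __name__ == "__main__":
    for name, pkt in (("igmp", IGMP_WITH_RA), ("tcp", PLAIN_TCP)):
        print(name, has_ip_options(pkt), ipv4_options(pkt))
```

Running the same check over a capture of the router's multicast traffic shows which protocols need `allow-opts` on their pass rules, so the keyword can be limited to those rules rather than added everywhere.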