From owner-freebsd-pf@FreeBSD.ORG Sun Feb 18 10:56:01 2007
Date: Sun, 18 Feb 2007 11:25:40 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-pf@freebsd.org
Subject: How to supress ALTQ warning?

Hi all,

I have PF as a loadable module without ALTQ support because I do not use ALTQ. Every pfctl command emits a warning to stderr:

-----
No ALTQ support in kernel
ALTQ related functions disabled
-----

Is there any option to suppress this, but only this warning message? (I am using pfctl in some shell scripts and I want to see error messages, but not this one.)

Thanks for your help.

Miroslav Lachman

From owner-freebsd-pf@FreeBSD.ORG Sun Feb 18 12:03:41 2007
Date: 18 Feb 2007 13:03:36 +0100
From: johan@terrettaz.ch
To: freebsd-pf@freebsd.org
Subject: Re: freebsd-pf Digest, Vol 125, Issue 6

This email address no longer exists; you can contact Johan Tornay at his new address: johan.tornay@terrettaz.ch

Thank you for your understanding

Terrettaz Informatique
http://www.terrettaz.ch
info@terrettaz.ch

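
Added example, not part of any message in this archive and not a pfctl feature: one way to do what "How to supress ALTQ warning?" asks from a POSIX shell script, dropping only the two warning lines quoted in that message while keeping every other stderr line, stdout and the exit status. The helper name run_quiet_altq and the stand-in command fake_pfctl (with its constructed output) are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: drop only the two ALTQ warning lines from a command's stderr.
# stdout, every other stderr line and the exit status are passed through.
# run_quiet_altq and fake_pfctl are names made up for this illustration.

run_quiet_altq() {
    # fd 3: the caller's stdout, so the command's real output bypasses grep.
    # fd 4: carries the command's exit status out of the pipeline, because
    #       plain POSIX sh has no PIPESTATUS.
    {
        status=$(
            {
                {
                    rc=0
                    "$@" 2>&1 1>&3 || rc=$?   # stderr -> pipe, stdout -> fd 3
                    echo "$rc" >&4
                } | grep -v -x -F \
                        -e 'No ALTQ support in kernel' \
                        -e 'ALTQ related functions disabled' >&2 || true
                # -x -F: whole-line, fixed-string match, so a different error
                # that merely mentions ALTQ is still shown.
            } 4>&1
        )
    } 3>&1
    return "$status"
}

# Constructed stand-in for pfctl so the example runs on a machine without pf.
# It always prints the two warnings, then either normal output or an error.
fake_pfctl() {
    echo 'No ALTQ support in kernel' >&2
    echo 'ALTQ related functions disabled' >&2
    case "$1" in
        -sr) echo 'pass in all' ;;
        *)   echo "constructed error: bad option $1" >&2
             return 1 ;;
    esac
}

# Demo: the first call shows only the rule output, the second shows the
# constructed error and the preserved non-zero exit status.
run_quiet_altq fake_pfctl -sr
run_quiet_altq fake_pfctl -x || echo "exit status: $?"
```

In a real script the call would be of the form `run_quiet_altq pfctl ...`; because stderr now passes through a pipe, its lines may no longer interleave with stdout in the original order.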
From owner-freebsd-pf@FreeBSD.ORG Sun Feb 18 18:43:45 2007
Date: Sun, 18 Feb 2007 10:17:08 -0800
From: Drew Tomlinson
To: freebsd-pf@freebsd.org
Subject: Confused With pf Rule Evaluation

I have used ipfw2 on FBSD for about 6 years now. Then I started using a VoIP phone and began to fiddle with dummynet to shape the traffic. I had limited success and instead of fiddling further, I decided to migrate to pf and ALTQ.

My network is fairly simple. I have a FreeBSD 6.1 box with two NICs. dc1 is attached to a DSL modem that is bridged so it looks like a direct Internet connection. dc0 is connected to my internal LAN. I have a few PCs and the "gizmo" (as the SunRocket VoIP provider calls it) behind my firewall on the internal LAN.

My basic goal is to allow all outbound traffic from my internal LAN and only replies to that traffic back in. I also have a few services running (http, smtp, etc.) and I want to allow connections in to those services. And above all, traffic from the "gizmo" should have first priority over all other traffic because when the phone doesn't work, my wife complains LOUDLY. :)

I followed the guide at http://www.bgnett.no/~peter/pf/en/index.html to set up my pf.conf file. From my reading, it is my understanding that unlike ipfw2, pf is "last match wins" unless the rule has the "quick" modifier. However I'm seeing behavior that I don't understand. In my rule set, I have these rules to allow inbound traffic to one of my services:

    pass proto udp to bigdaddy port $bigdaddy_ip_services keep state
    pass proto tcp to bigdaddy port $bigdaddy_ip_services flags S/SA \
        keep state

Then further down, I have this rule to place traffic to one of the specific services in the $bigdaddy_ip_services macro in a low priority queue:

    pass in on $int_if proto { tcp, udp } from bigdaddy port 49143 \
        keep state queue (low_out, ack_out)

After loading this rule set, 'pfctl -vvs queue' shows very little traffic in the 'low_out' queue. Most of it ends up in the default queue. However if I remove this rule and change the ones above to:

    pass proto udp to bigdaddy port $bigdaddy_ip_services keep state \
        queue (low_out, ack_out)
    pass proto tcp to bigdaddy port $bigdaddy_ip_services flags S/SA \
        keep state queue (low_out, ack_out)

Then I see the results I expect with 'pfctl -vvs queue'. The 'low_out' queue has lots of traffic passing through it. I don't understand why.

I have to admit there's a lot I don't understand about pf. If someone has the time to help me get a rule set that achieves my goals, I'd really appreciate it. I've posted my complete rule set at http://drew.mykitchentable.net/Temp/pf.conf.htm. Please note that in some cases I replaced actual port lists with letters. Thus if you see a list such as "{ a, b, c, d }", you'll know why.

Thanks,

Drew

--
Be a Great Magician!
Visit The Alchemist's Warehouse
http://www.alchemistswarehouse.com

From owner-freebsd-pf@FreeBSD.ORG Mon Feb 19 11:08:29 2007
Date: Mon, 19 Feb 2007 11:08:28 GMT
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o kern/82271   pf     [pf] cbq scheduler cause bad latency
o kern/92949   pf     [pf] PF + ALTQ problems with latency
o sparc/93530  pf     Incorrect checksums when using pf's route-to on sparc6

3 problems total.

Non-critical problems

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
f conf/81042   pf     [pf] [patch] /etc/pf.os doesn't match FreeBSD 5.3->5.4
o kern/93825   pf     [pf] pf reply-to doesn't work
o kern/103304  pf     pf accepts nonexistent queue in rules
o kern/106400  pf     fatal trap 12 at restart of PF with ALTQ if ng0 device

4 problems total.

From owner-freebsd-pf@FreeBSD.ORG Mon Feb 19 13:55:46 2007
Date: Mon, 19 Feb 2007 20:28:04 +0700
From: MoonblueZ
To: freebsd-pf@freebsd.org
Cc: freebsd-questions@freebsd.org
Subject: xDSL n Dial up connection ??? help

          ----------      -----------
          | ISP 1  |      |  ISP 2  |
          ----------      -----------
               |               |
        (DHCP) |               | (DHCP)
               |               |
             -----           -----
 Dial up --> |   |           |   | <-- xDSL
             -----           -----
                 \           /
                ----------------
                |    router    |
                ----------------
                       |
                       |
              --------------------

I have a problem here about how to set up a FreeBSD router which has two links, as in the topology above. I want the router to automatically detect if the xDSL link is down and switch the link to dial-up automatically, and likewise the reverse: if the xDSL link is up, dial-up is disconnected automatically.

Thanks

From owner-freebsd-pf@FreeBSD.ORG Tue Feb 20 12:46:30 2007
Date: Tue, 20 Feb 2007 17:06:45 +0500
From: Sergey Klusov
To: freebsd-pf@freebsd.org
Subject: anchor

Hello,

I'm trying to use anchors on freebsd6.0 and can't get it working right. Here is my example:

pfctl -f - <

From owner-freebsd-pf@FreeBSD.ORG Sat Feb 24 19:58:49 2007
Date: Sat, 24 Feb 2007 19:29:08 +0000
From: chris scott
To: freebsd-pf@freebsd.org
Subject: ftp-proxy -S option

Hi all,

I'm having a few issues with ftp-proxy. Specifically the -S switch.

First a bit of background. I am trying to get my ftp connections to spread reasonably evenly over multiple public IP addresses to a specific server. I'm not going into the reasons why as it's not really relevant. The way I am doing this is to run multiple instances of ftp-proxy on multiple loopback addresses. I am getting them to use a different source address for their data connections.

e.g.

    rdr on $int_if proto tcp from any to y.y.y.y port ftp -> {127.0.0.1, 127.0.0.2, 127.0.0.3 } port 8021 round-robin

e.g. my xinetd conf

    service ftp-proxy
    {
            socket_type     = stream
            protocol        = tcp
            wait            = no
            bind            = 127.0.0.1
            user            = root
            server          = /usr/libexec/ftp-proxy
            server_args     = -S x.x.x.90
            #-S x.x.x.90 -D 4
    }

    service ftp-proxy
    {
            socket_type     = stream
            protocol        = tcp
            wait            = no
            user            = root
            bind            = 127.0.0.2
            server          = /usr/libexec/ftp-proxy
            server_args     = -S x.x.x..92
            # -S x.x.x.92 -D 4
    }

    service ftp-proxy
    {
            socket_type     = stream
            protocol        = tcp
            wait            = no
            bind            = 127.0.0.3
            user            = root
            server          = /usr/libexec/ftp-proxy
            server_args     = -S x.x.x.93
            #-S x.x.x.93 -D 4
    }

The firewall bit is working fine and balancing the connections across the proxies:

    $ ps uaxw| grep ftp-prox
    proxy 85292  0.4  0.1  1524   928  ??  Ss    7:14PM   0:05.78 ftp-proxy -S x.x.x.90
    proxy 85281  0.3  0.1  1524   928  ??  Ss    7:13PM   0:06.57 ftp-proxy -S x.x.x.90
    proxy 84903  0.3  0.1  1524   928  ??  Ss    7:00PM   0:15.81 ftp-proxy -S x.x.x.93
    proxy 84785  0.2  0.1  1524   928  ??  Ss    6:59PM   0:16.75 ftp-proxy -S x.x.x.92
    proxy 85282  0.1  0.1  1524   928  ??  Rs    7:13PM   0:06.08 ftp-proxy -S x.x.x.92
    proxy 84426  0.0  0.1  1524   932  ??  Is    6:45PM   0:03.19 ftp-proxy -S x.x.x.92
    proxy 84464  0.0  0.1  1524   932  ??  Is    6:46PM   0:02.28 ftp-proxy -S x.x.x.93
    proxy 85283  0.0  0.1  1524   928  ??  Ss    7:13PM   0:06.70 ftp-proxy -S x.x.x.93
    proxy 85293  0.0  0.1  1524   928  ??  Ss    7:14PM   0:05.77 ftp-proxy -S x.x.x.92

However the proxy never binds to the correct address. Just the 1st address on the interface.

    $ sockstat | grep ftp-p | grep 212
    proxy ftp-proxy 85616 4 tcp4 x.x.x.90:52626 y.y.y.y:21
    proxy ftp-proxy 85616 5 tcp4 x.x.x.90:56106 y.y.y.y:52709
    proxy ftp-proxy 85615 4 tcp4 x.x.x.90:58237 y.y.y.y:21
    proxy ftp-proxy 85615 5 tcp4 x.x.x.90:53315 y.y.y.y:49947
    proxy ftp-proxy 85614 4 tcp4 x.x.x.90:56103 y.y.y.y:21
    proxy ftp-proxy 85614 5 tcp4 x.x.x.90:56914 y.y.y.y:50567
    proxy ftp-proxy 85606 4 tcp4 x.x.x.90:53223 y.y.y.y:21
    proxy ftp-proxy 85606 5 tcp4 x.x.x.90:55990 y.y.y.y:56187
    proxy ftp-proxy 85605 4 tcp4 x.x.x.90:64966 y.y.y.y:21
    proxy ftp-proxy 85605 5 tcp4 x.x.x.90:65267 y.y.y.y:62529
    proxy ftp-proxy 85558 4 tcp4 x.x.x.90:58623 y.y.y.y:21
    proxy ftp-proxy 85558 5 tcp4 x.x.x.90:54959 y.y.y.y:61487
    proxy ftp-proxy 84903 4 tcp4 x.x.x.90:51710 y.y.y.y:21
    proxy ftp-proxy 84903 5 tcp4 x.x.x.90:50683 y.y.y.y:59277
    proxy ftp-proxy 84785 4 tcp4 x.x.x.90:53081 y.y.y.y:21
    proxy ftp-proxy 84785 5 tcp4 x.x.x.90:49415 y.y.y.y:57069
    proxy ftp-proxy 84464 4 tcp4 x.x.x.90:54277 y.y.y.y:21
    proxy ftp-proxy 84426 4 tcp4 x.x.x.90:63585 y.y.y.y:21

Can anyone shed any light? I have tried the -s switch and that just bombs the proxy completely, as does using both of them together.

k