From owner-freebsd-pf@FreeBSD.ORG Sun Jan 13 22:04:38 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8BCDD16A418 for ; Sun, 13 Jan 2008 22:04:38 +0000 (UTC) (envelope-from biancalana@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.177]) by mx1.freebsd.org (Postfix) with ESMTP id 35CA713C45D for ; Sun, 13 Jan 2008 22:04:38 +0000 (UTC) (envelope-from biancalana@gmail.com) Received: by py-out-1112.google.com with SMTP id u52so2680218pyb.10 for ; Sun, 13 Jan 2008 14:04:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=/inFK8lEiAaV7NZ2j7d1JlmEmsdR4d2VNaEtAJuNtTc=; b=FifBx0WDelCoMzX5FefNrNNwMKcQULR5hWpwU6P3WvbmG7tMbMVxlm4A2+1/hXSZyY9DYr8tCvmraRreza9dDFHg8Ib+JVnuRmbUd0xYw8/+4d/rTRPEx9ceAVmgqPlZ/7gU/0EfwcU3SgD4UGUBxj9gBpMm29P7+Z6lZWMIG3c= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=MEO5+slUnFVfXPa0fS/OMmJhoeUkQVfC+bSnJhQB5erewIKH+xB5aCwtjPORudsMqCbcrNUOxpErlSZnFIPJFR+REGy1gGs1jNZQaPKL+RNl/E6VD05k+Q+Vd0Tdro699WFq90dFOWk5ynbqQLKw0i7AGKIQ1w/+lY3xsLQ5mjI= Received: by 10.65.244.15 with SMTP id w15mr12835431qbr.38.1200261877279; Sun, 13 Jan 2008 14:04:37 -0800 (PST) Received: by 10.64.184.9 with HTTP; Sun, 13 Jan 2008 14:04:37 -0800 (PST) Message-ID: <8e10486b0801131404ne3c2339o3493a938046f2018@mail.gmail.com> Date: Sun, 13 Jan 2008 20:04:37 -0200 From: "Alexandre Biancalana" To: "Scott Ullrich" In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200710272311.09059.max@love2party.net> <200712091835.33608.max@love2party.net> <8e10486b0801090741k605d7183gfb8bbdfa55fce331@mail.gmail.com> <200801110408.22724.max@love2party.net> <8e10486b0801102018h4f417a4ex900bdaeb078bd29e@mail.gmail.com> <8e10486b0801110252w452f3e4asf438beb6297eb1f@mail.gmail.com> <8e10486b0801110949u1593e427wc24493b98d0003d2@mail.gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: carpdev ... X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Jan 2008 22:04:38 -0000 On 1/11/08, Scott Ullrich wrote: > Thank you. Do you see the states on the backup machine when it is in the > backup status mode? > > pfctl -ss > > You should see a similar output on the backup machine as the primary. Yes, the output is the same... > > > BTW: I did not know about ifconfig interconnect... Cool stuff!! This is just a convention, ifconfig em0 name interconnect, it's really cool !! Any other idea ? From owner-freebsd-pf@FreeBSD.ORG Mon Jan 14 11:07:04 2008 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9244B16A41A for ; Mon, 14 Jan 2008 11:07:04 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 8C2CF13C4E8 for ; Mon, 14 Jan 2008 11:07:04 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m0EB74DI052636 for ; Mon, 14 Jan 2008 11:07:04 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m0EB73LV052632 for freebsd-pf@FreeBSD.org; Mon, 14 Jan 2008 11:07:03 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 14 Jan 2008 11:07:03 GMT Message-Id: <200801141107.m0EB73LV052632@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jan 2008 11:07:04 -0000 Current FreeBSD problem reports Critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/111220 pf [pf] repeatable hangs while manipulating pf tables 1 problem total. Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/82271 pf [pf] cbq scheduler cause bad latency o kern/92949 pf [pf] PF + ALTQ problems with latency o kern/110698 pf [pf] nat rule of pf without "on" clause causes invalid o bin/116610 pf [patch] teach tcpdump(1) to cope with the new-style pf o kern/117827 pf [pf] [panic] kernel panic with pf and ng 5 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/93825 pf [pf] pf reply-to doesn't work o kern/106400 pf [pf] fatal trap 12 at restart of PF with ALTQ if ng0 d s conf/110838 pf tagged parameter on nat not working on FreeBSD 5.2 o kern/114095 pf [carp] carp+pf delay with high state limit o kern/114567 pf [pf] LOR pf_ioctl.c + if.c f kern/116645 pf [RFE] pfctl -k does not work in securelevel 3 o kern/118355 pf [pf] [patch] pfctl help message options order false -t 8 problems total. From owner-freebsd-pf@FreeBSD.ORG Mon Jan 14 15:21:15 2008 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 212A016A46E; Mon, 14 Jan 2008 15:21:15 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C310813C45A; Mon, 14 Jan 2008 15:21:13 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m0EFLDVM033737; Mon, 14 Jan 2008 15:21:13 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m0EFLDVH033733; Mon, 14 Jan 2008 15:21:13 GMT (envelope-from linimon) Date: Mon, 14 Jan 2008 15:21:13 GMT Message-Id: <200801141521.m0EFLDVH033733@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/119661: [pf] "queue (someq, empy_acks)" doesn't work X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jan 2008 15:21:15 -0000 Synopsis: [pf] "queue (someq, empy_acks)" doesn't work Responsible-Changed-From-To: freebsd-bugs->freebsd-pf Responsible-Changed-By: linimon Responsible-Changed-When: Mon Jan 14 15:21:00 UTC 2008 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=119661 From owner-freebsd-pf@FreeBSD.ORG Mon Jan 14 16:27:26 2008 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E8D5F16A420; Mon, 14 Jan 2008 16:27:26 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A9BCE13C4F3; Mon, 14 Jan 2008 16:27:26 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from freefall.freebsd.org (mlaier@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m0EGRQjL079926; Mon, 14 Jan 2008 16:27:26 GMT (envelope-from mlaier@freefall.freebsd.org) Received: (from mlaier@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m0EGRQMw079922; Mon, 14 Jan 2008 16:27:26 GMT (envelope-from mlaier) Date: Mon, 14 Jan 2008 16:27:26 GMT Message-Id: <200801141627.m0EGRQMw079922@freefall.freebsd.org> To: ino-news@spotteswoode.dnsalias.org, mlaier@FreeBSD.org, freebsd-pf@FreeBSD.org From: mlaier@FreeBSD.org Cc: Subject: Re: kern/119661: [pf] "queue (someq, empy_acks)" doesn't work X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jan 2008 16:27:27 -0000 Synopsis: [pf] "queue (someq, empy_acks)" doesn't work State-Changed-From-To: open->feedback State-Changed-By: mlaier State-Changed-When: Mon Jan 14 16:26:05 UTC 2008 State-Changed-Why: Works for me with the exact same rule. Can you provide more details to freebsd-pf@ for discussion and analysis? http://www.freebsd.org/cgi/query-pr.cgi?pr=119661 From owner-freebsd-pf@FreeBSD.ORG Mon Jan 14 19:05:07 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A1CE716A418 for ; Mon, 14 Jan 2008 19:05:07 +0000 (UTC) (envelope-from gofdp-freebsd-pf@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 5055313C447 for ; Mon, 14 Jan 2008 19:05:07 +0000 (UTC) (envelope-from gofdp-freebsd-pf@m.gmane.org) Received: from root by ciao.gmane.org with local (Exim 4.43) id 1JETWY-00031I-Av for freebsd-pf@freebsd.org; Mon, 14 Jan 2008 17:55:02 +0000 Received: from d463cd57.datahighways.de ([212.99.205.87]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 14 Jan 2008 17:55:02 +0000 Received: from ino-news by d463cd57.datahighways.de with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 14 Jan 2008 17:55:02 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-pf@freebsd.org From: ino-news@spotteswoode.dnsalias.org (clemens fischer) Date: Mon, 14 Jan 2008 18:51:04 +0100 Lines: 66 Message-ID: <81ks55x2dm1.ln2@nntp.spotteswoode.dnsalias.org> References: <200801141521.m0EFLDVH033733@freefall.freebsd.org> X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: d463cd57.datahighways.de X-Archive: encrypt=none User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (FreeBSD/7.0-PRERELEASE (i386)) Sender: news Cc: freebsd-bugs@freebsd.org Subject: Re: kern/119661: [pf] "queue (someq, empy_acks)" doesn't work X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jan 2008 19:05:07 -0000 On Mon, 14 Jan 2008 15:21:13 GMT linimon@ wrote: > Over to maintainer(s). > http://www.freebsd.org/cgi/query-pr.cgi?pr=119661 and mlaier@ wrote: > Works for me with the exact same rule. Can you provide more details > to freebsd-pf@ for discussion and analysis? first of, thanks for testing and verifying the rule. i was afraid to even start experimenting after a few tries. 'uname -rims' -> FreeBSD 7.0-PRERELEASE i386 spott_fbsd7_i386 soo, the solution to my problem needs rewriting the rules a little bit. if i do this: logging="log (all)" q_interactive="queue (interactive, tcp_ack)" set skip on lo0 set debug urgent scrub in all # Queueing: rule-based bandwidth control. altq on $ext_if $ext_if_bw cbq queue { dflt, background, interactive, tcp_ack } queue dflt bandwidth 15% cbq(default) queue interactive bandwidth 50% priority 5 cbq(borrow) queue background bandwidth 30% priority 3 cbq(red) queue tcp_ack bandwidth 5% priority 7 cbq(borrow) ... pass out $logging \ proto tcp \ from any to ! \ modulate state \ label "$nr: outbound $proto keep state" $q_interactive the rules are not parsed correctly. the last rule simply disappears without any error message. but if i write that particular rule as: ... pass out $logging \ proto tcp \ from any to ! \ modulate state \ $q_interactive label "$nr: outbound $proto keep state" (note the reversal of the label and the queue option) the rule is parsed and seems to work correctly. if you study the output of "pfctl -sa", you'll see: pass out log (all) proto tcp from any to ! flags S/SA \ modulate state label "27: outbound tcp keep state" \ queue(interactive, tcp_ack) which is the way i wrote it in the first place. pf.conf(5) specifies no particular order in the BNF. it seems to be a problem of the rule parser. as there's an easy workaround, i'll post a followup to the PR to that effect and would like you to close it. regards, clemens From owner-freebsd-pf@FreeBSD.ORG Mon Jan 14 19:30:03 2008 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 31B7C16A417 for ; Mon, 14 Jan 2008 19:30:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1748C13C455 for ; Mon, 14 Jan 2008 19:30:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m0EJU3QO004259 for ; Mon, 14 Jan 2008 19:30:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m0EJU2An004256; Mon, 14 Jan 2008 19:30:02 GMT (envelope-from gnats) Date: Mon, 14 Jan 2008 19:30:02 GMT Message-Id: <200801141930.m0EJU2An004256@freefall.freebsd.org> To: freebsd-pf@FreeBSD.org From: clemens fischer Cc: Subject: Re: kern/119661: [pf] "queue (someq, empy_acks)" doesn't work X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: clemens fischer List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jan 2008 19:30:03 -0000 The following reply was made to PR kern/119661; it has been noted by GNATS. From: clemens fischer To: bug-followup@freebsd.org, ino-news@spotteswoode.dnsalias.org Cc: Subject: Re: kern/119661: [pf] "queue (someq, empy_acks)" doesn't work Date: Mon, 14 Jan 2008 20:02:47 +0100 as it turns out, the BNF in pf.conf(5) is wrong and the rule listing by "pfctl -sa" gets it wrong, too. the former doesn't imply a particular order of filter options and the latter displays them in a way that cannot be specified as input in etc/pf.conf. to get: pass out log (all) proto tcp from any to any flags S/SA modulate state \ label "27: outbound tcp keep state" \ queue(interactive, tcp_ack) you must write: pass out log (all) proto tcp from any to any modulate state \ queue (interactive, tcp_ack) \ label "$nr: outbound $proto keep state" if you reverse the order of "queue (...)" and "label ...", the rule doesn't get parsed at all with no error report. regards, clemens From owner-freebsd-pf@FreeBSD.ORG Tue Jan 15 14:20:05 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 28A9116A419 for ; Tue, 15 Jan 2008 14:20:05 +0000 (UTC) (envelope-from gofdp-freebsd-pf@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 0495513C4CC for ; Tue, 15 Jan 2008 14:20:04 +0000 (UTC) (envelope-from gofdp-freebsd-pf@m.gmane.org) Received: from root by ciao.gmane.org with local (Exim 4.43) id 1JEme2-0002vm-C7 for freebsd-pf@freebsd.org; Tue, 15 Jan 2008 14:20:02 +0000 Received: from cairn.ints.net ([194.44.58.121]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 15 Jan 2008 14:20:02 +0000 Received: from c.kworr by cairn.ints.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 15 Jan 2008 14:20:02 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-pf@freebsd.org From: Volodymyr Kostyrko Date: Tue, 15 Jan 2008 15:44:02 +0200 Lines: 39 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: cairn.ints.net User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; ru-RU; rv:1.8.1.11) Gecko/20071205 SeaMonkey/1.1.7 Sender: news Subject: rfc1323 and scrub: window scaling X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2008 14:20:05 -0000 It seems that I have failed to properly configure my machine to allow windows scaling. Whenever another host connects to my machine with window scaling enabled my host stop respond to his request after certain number of seconds. However, if I forcefully turn off rfc1323 support on my machine or "that other machine". Everything works just fine. Also with rfc1323 on my config produces two states per connection, each one for one direction of packets - in and out. With rfc1323 off only one state is produced. Here is my config: set timeout { adaptive.start 8000, adaptive.end 12000 } set ruleset-optimization basic set block-policy return set skip on lo0 scrub all fragment reassemble reassemble tcp random-id outside="xl0" table persist block log all pass quick proto {icmp,icmp6} all keep state block quick proto tcp from to any port 22 # $outside pass out on $outside from ($outside) to any pass out on $outside proto tcp from ($outside) to any modulate state pass in on $outside proto udp from any to {($outside),($outside:broadcast)} port {0:1023,12039,13616,20397} pass in on $outside proto tcp from any to {($outside),($outside:broadcast)} port {0:1023,2049,6881:6882,12039,20393} modulate state -- Sphinx of black quartz judge my vow. From owner-freebsd-pf@FreeBSD.ORG Tue Jan 15 19:57:42 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D454316A420 for ; Tue, 15 Jan 2008 19:57:42 +0000 (UTC) (envelope-from nullpt@gmail.com) Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.178]) by mx1.freebsd.org (Postfix) with ESMTP id B7E7E13C4CE for ; Tue, 15 Jan 2008 19:57:42 +0000 (UTC) (envelope-from nullpt@gmail.com) Received: by wa-out-1112.google.com with SMTP id k17so4734224waf.3 for ; Tue, 15 Jan 2008 11:57:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=FLscZ2jTqO1KVSJLDec5qLostHShsH52e40aEjmZrzk=; b=CqXzVtOGEcme7fXPDXMz2Rwd17Pwb37z3PnBB9xkryae/FJygjPVn/htAVCqrSknfIDAEHY0SAKbDmSAIeiJWCeqPzumT2uNRS3ZS9A7G9+ODCxbITGvWOU4RAXP7zVWrSs20SWjJgm+zlD1g8qi5Usrk8+IxuMoBHI1nOrFXQI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=S2M4OOP4VwgpCjCbdO3GoP9qBLcdajOa06ORLx2ZxGHXoLbrpmPUtPOXgfTgD1vXZ/hzMi9Lie6i1PpIZcVTiCC3h4axMB28Hn4RTc0l8Nal/4+/f2iLa6V4hm4LZONVaWGGCQgXsqqvYvsq24+NEPQEctBLg2I13NlSZahWPG8= Received: by 10.114.150.1 with SMTP id x1mr5235313wad.46.1200425361657; Tue, 15 Jan 2008 11:29:21 -0800 (PST) Received: by 10.114.240.9 with HTTP; Tue, 15 Jan 2008 11:29:21 -0800 (PST) Message-ID: <755cb9fc0801151129h6e519557g7ea33e4190196fed@mail.gmail.com> Date: Tue, 15 Jan 2008 19:29:21 +0000 From: "Alexandre Vieira" To: freebsd-pf@freebsd.org, freebsd-questions@freebsd.org, freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Relayd (former hoststated) status for freebsd 7.0RC1 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2008 19:57:42 -0000 Hello all, I remember that there was a port (net/hoststated) where I could install hoststated to use with PF. Anyone can shed a light on what is the status of this software implementation on 7.0? TIA -- Alexandre Vieira - nullpt@gmail.com From owner-freebsd-pf@FreeBSD.ORG Tue Jan 15 20:24:59 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5C03916A46B; Tue, 15 Jan 2008 20:24:59 +0000 (UTC) (envelope-from bms@FreeBSD.org) Received: from out3.smtp.messagingengine.com (out3.smtp.messagingengine.com [66.111.4.27]) by mx1.freebsd.org (Postfix) with ESMTP id 375DC13C458; Tue, 15 Jan 2008 20:24:58 +0000 (UTC) (envelope-from bms@FreeBSD.org) Received: from compute1.internal (compute1.internal [10.202.2.41]) by out1.messagingengine.com (Postfix) with ESMTP id 73EA28A5B2; Tue, 15 Jan 2008 15:24:58 -0500 (EST) Received: from heartbeat2.messagingengine.com ([10.202.2.161]) by compute1.internal (MEProxy); Tue, 15 Jan 2008 15:24:58 -0500 X-Sasl-enc: f+RIxgWQUf8h+Z2/rNcoiWpz/0zHocnMRs3QAGcBqyHq 1200428698 Received: from empiric.lon.incunabulum.net (82-35-112-254.cable.ubr07.dals.blueyonder.co.uk [82.35.112.254]) by mail.messagingengine.com (Postfix) with ESMTP id 5C07E2A5B6; Tue, 15 Jan 2008 15:24:56 -0500 (EST) Message-ID: <478D1694.8010906@FreeBSD.org> Date: Tue, 15 Jan 2008 20:24:52 +0000 From: "Bruce M. Simpson" User-Agent: Thunderbird 2.0.0.6 (X11/20070928) MIME-Version: 1.0 To: Alexandre Vieira References: <755cb9fc0801151129h6e519557g7ea33e4190196fed@mail.gmail.com> In-Reply-To: <755cb9fc0801151129h6e519557g7ea33e4190196fed@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org, freebsd-pf@freebsd.org Subject: Re: Relayd (former hoststated) status for freebsd 7.0RC1 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2008 20:24:59 -0000 Alexandre Vieira wrote: > Hello all, > > I remember that there was a port (net/hoststated) where I could install > hoststated to use with PF. Anyone can shed a light on what is the status of > this software implementation on 7.0? > Perhaps ports/net/ifstated is the answer? BMS From owner-freebsd-pf@FreeBSD.ORG Tue Jan 15 20:29:56 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A60A316A46C; Tue, 15 Jan 2008 20:29:56 +0000 (UTC) (envelope-from brad@comstyle.com) Received: from mail.comstyle.com (unknown [IPv6:2001:16d8:ffe8:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id 29CFA13C474; Tue, 15 Jan 2008 20:29:56 +0000 (UTC) (envelope-from brad@comstyle.com) Received: from [192.168.3.30] (toronto-hs-216-138-195-228.s-ip.magma.ca [216.138.195.228]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: brad) by mail.comstyle.com (Postfix) with ESMTP id 24F7982D2F; Tue, 15 Jan 2008 21:29:36 +0100 (CET) From: Brad To: freebsd-net@freebsd.org Date: Tue, 15 Jan 2008 15:29:32 -0500 User-Agent: KMail/1.9.7 References: <755cb9fc0801151129h6e519557g7ea33e4190196fed@mail.gmail.com> <478D1694.8010906@FreeBSD.org> In-Reply-To: <478D1694.8010906@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200801151529.32312.brad@comstyle.com> X-comstyle-MailScanner-Information: Please contact the ISP for more information X-MailScanner-ID: 24F7982D2F.E1AC8 X-comstyle-MailScanner: Found to be clean X-comstyle-MailScanner-From: brad@comstyle.com X-Spam-Status: No Cc: freebsd-questions@freebsd.org, freebsd-pf@freebsd.org Subject: Re: Relayd (former hoststated) status for freebsd 7.0RC1 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2008 20:29:56 -0000 On Tuesday 15 January 2008 15:24:52 Bruce M. Simpson wrote: > Alexandre Vieira wrote: > > Hello all, > > > > I remember that there was a port (net/hoststated) where I could install > > hoststated to use with PF. Anyone can shed a light on what is the status of > > this software implementation on 7.0? > > > > Perhaps ports/net/ifstated is the answer? > > BMS ifstated and relayd (used to be hoststated) are for totally different purposes. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From owner-freebsd-pf@FreeBSD.ORG Tue Jan 15 21:59:02 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 087D116A468 for ; Tue, 15 Jan 2008 21:59:02 +0000 (UTC) (envelope-from nullpt@gmail.com) Received: from ro-out-1112.google.com (ro-out-1112.google.com [72.14.202.183]) by mx1.freebsd.org (Postfix) with ESMTP id 8CA1813C469 for ; Tue, 15 Jan 2008 21:59:01 +0000 (UTC) (envelope-from nullpt@gmail.com) Received: by ro-out-1112.google.com with SMTP id m6so3302009roe.13 for ; Tue, 15 Jan 2008 13:59:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; bh=Ym8y8GH5UcmxbUZ8yVwvuDfB5grWG6G/zhpNqt4L1cQ=; b=akqqTReflPUeXz9AlkIsnj/u9twVmwcL3XWP/dLRCgxWTSSf5IKKOCDPlhwzqI1cit7DgtlsR45aUJuufCgNo83OSyoIYRnnCTwzvrHkcePW3XDRnAFJZlUh+pR2zQTb/tw2c2Piyh0WBKCmtRYT3Kibg80lPBDDzggCmPQLWqY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=Q3mAzUSVIsfMeiUuYF9xeOEFcpjXD8Zaa7UCaQeRxCtKegVreerMnf49ZMYQj/1Www7PHWIi3kfiVkiXVaO3tBxGlauwy+gNjfjzrLfbydpacMKJckQA6QUVjQW8mU4jq/4yHBJwZuPjHJYmE/XQF1Oy4i7s7LuqfqEwpIxP4WY= Received: by 10.114.53.1 with SMTP id b1mr5510078waa.134.1200434339413; Tue, 15 Jan 2008 13:58:59 -0800 (PST) Received: by 10.114.240.9 with HTTP; Tue, 15 Jan 2008 13:58:59 -0800 (PST) Message-ID: <755cb9fc0801151358k35cdd267x7500767925e5f3cc@mail.gmail.com> Date: Tue, 15 Jan 2008 21:58:59 +0000 From: "Alexandre Vieira" To: freebsd-net@freebsd.org, freebsd-questions@freebsd.org, freebsd-pf@freebsd.org In-Reply-To: <200801151529.32312.brad@comstyle.com> MIME-Version: 1.0 References: <755cb9fc0801151129h6e519557g7ea33e4190196fed@mail.gmail.com> <478D1694.8010906@FreeBSD.org> <200801151529.32312.brad@comstyle.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: flz@FreeBSD.org Subject: Re: Relayd (former hoststated) status for freebsd 7.0RC1 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2008 21:59:02 -0000 On Jan 15, 2008 8:29 PM, Brad wrote: > On Tuesday 15 January 2008 15:24:52 Bruce M. Simpson wrote: > > Alexandre Vieira wrote: > > > Hello all, > > > > > > I remember that there was a port (net/hoststated) where I could > install > > > hoststated to use with PF. Anyone can shed a light on what is the > status of > > > this software implementation on 7.0? > > > > > > > Perhaps ports/net/ifstated is the answer? > > > > BMS > > ifstated and relayd (used to be hoststated) are for totally different > purposes. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > Hi, I meant hostated aka hoststated aka relayd. It's in Obsd base system and had there was a port for freebsd not long ago. I've found the old port structure: http://people.freebsd.org/~flz/local/ports/hoststated/ which stands for ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/flz/hoststated/hoststated-20070131.tgz. Many changes were commited since 07/01/31: http://kho.bonghongxanh.vn/pub/.disk0/ftp.openbsd.org/pub/OpenBSD/cvs/src/usr.sbin/relayd/Makefile,v Added flz@ to the loop. TIA for any effort to get this working. Kind Regards -- Alexandre Vieira - nullpt@gmail.com From owner-freebsd-pf@FreeBSD.ORG Tue Jan 15 22:58:52 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2D19716A52E for ; Tue, 15 Jan 2008 22:58:52 +0000 (UTC) (envelope-from biancalana@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.178]) by mx1.freebsd.org (Postfix) with ESMTP id 7214213C45B for ; Tue, 15 Jan 2008 22:58:51 +0000 (UTC) (envelope-from biancalana@gmail.com) Received: by py-out-1112.google.com with SMTP id u52so37349pyb.10 for ; Tue, 15 Jan 2008 14:58:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=XlgldjDGW/Njy1SL8q1nk4PdYupZO6eg7VFVniqVY48=; b=NPiy4+5q6/PZsUV+lSkDiFAwA/jD4UEHp2dp0tToTyR5LFz85XpUQGTxbLKqr02DgasHKpH4MG6MJasPLcLO/TKsjqEJeYMAnlSu5Tw0pZ0vhCgjW5OEmlQAgXRTIXeETsAiItDjPmNWkmp5FfAu2ug9hOCGao48Fzql8HE3Ji4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=StUWpOpftjb3EKiRKi1/E5rU5fkeeg+KDpj3Zn/dntO/g676598dVNJ7kdGWVaA4RD+W2jnVCy2xtYTSbgQbZ2KkUY1oIy3Gyc6XT901QCsV28dZ+4pb/o9rGPMPrGre7bBU02GXPTjpPTg5UBrsZXe7E7TDtfZwSWVjO1GizM8= Received: by 10.65.158.9 with SMTP id k9mr48132qbo.85.1200437930092; Tue, 15 Jan 2008 14:58:50 -0800 (PST) Received: by 10.64.184.9 with HTTP; Tue, 15 Jan 2008 14:58:50 -0800 (PST) Message-ID: <8e10486b0801151458j2a3e104am6c30619ddfb08974@mail.gmail.com> Date: Tue, 15 Jan 2008 20:58:50 -0200 From: "Alexandre Biancalana" To: freebsd-pf@freebsd.org In-Reply-To: <8e10486b0801131404ne3c2339o3493a938046f2018@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200710272311.09059.max@love2party.net> <8e10486b0801090741k605d7183gfb8bbdfa55fce331@mail.gmail.com> <200801110408.22724.max@love2party.net> <8e10486b0801102018h4f417a4ex900bdaeb078bd29e@mail.gmail.com> <8e10486b0801110252w452f3e4asf438beb6297eb1f@mail.gmail.com> <8e10486b0801110949u1593e427wc24493b98d0003d2@mail.gmail.com> <8e10486b0801131404ne3c2339o3493a938046f2018@mail.gmail.com> Subject: Re: carpdev ... X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2008 22:58:52 -0000 On 1/13/08, Alexandre Biancalana wrote: > On 1/11/08, Scott Ullrich wrote: > > Thank you. Do you see the states on the backup machine when it is in the > > backup status mode? > > > > pfctl -ss > > > > You should see a similar output on the backup machine as the primary. > > Yes, the output is the same... > I found another problem, I think this could be related to the patch because this does not happened before.... In this firewall's I have only one real IP Address on each link, so I've to redirect some ports to internal servers. All services are working (http, smtp, pop3, imap) but ftp does not work, when you try to connect the connection is lost. Look this: tcpdump -nettti pflog0 port 21 tcpdump: WARNING: pflog0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes 000000 rule 3/0(match): block in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20] 3. 198670 rule 3/0(match): block in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20] 3. 235008 rule 3/0(match): block in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20] 6. 195725 rule 3/0(match): block in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20] The a try to remove the block rule then the output changes to: 000000 rule 3/0(match): pass in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20] 3. 198670 rule 3/0(match): pass in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20] 3. 235008 rule 3/0(match): pass in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20] 6. 195725 rule 3/0(match): pass in on virtua: 201.21.xxx.xxx.52558 > 201.6.xxx.xxx.21: tcp 28 [bad hdr length 0 - too short, < 20] Any ideas ? From owner-freebsd-pf@FreeBSD.ORG Wed Jan 16 12:33:42 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 94CEE16A41B for ; Wed, 16 Jan 2008 12:33:42 +0000 (UTC) (envelope-from swygue@rodhouse.org) Received: from hu-out-0506.google.com (hu-out-0506.google.com [72.14.214.231]) by mx1.freebsd.org (Postfix) with ESMTP id 1936E13C46E for ; Wed, 16 Jan 2008 12:33:34 +0000 (UTC) (envelope-from swygue@rodhouse.org) Received: by hu-out-0506.google.com with SMTP id 28so1095258hub.8 for ; Wed, 16 Jan 2008 04:33:26 -0800 (PST) Received: by 10.78.201.2 with SMTP id y2mr668429huf.56.1200486805705; Wed, 16 Jan 2008 04:33:25 -0800 (PST) Received: by 10.78.146.17 with HTTP; Wed, 16 Jan 2008 04:33:25 -0800 (PST) Message-ID: <1a5f1a2d0801160433u41453786q4c1e6fca1f0a150f@mail.gmail.com> Date: Wed, 16 Jan 2008 07:33:25 -0500 From: "Rodrique Heron" To: fox@verio.net In-Reply-To: <20080112072307.GB25623@verio.net> MIME-Version: 1.0 References: <4784F7E3.3060508@rodhouse.org> <1199919114.59461.10.camel@xenon> <1a5f1a2d0801100501j664f6b81sebe866b986a05500@mail.gmail.com> <1199977668.36543.12.camel@xenon> <1a5f1a2d0801100910r1316d24dibb2b12720dfda207@mail.gmail.com> <1200009515.36543.27.camel@xenon> <1a5f1a2d0801101837r338b5453m7a8f673e3b03833e@mail.gmail.com> <1200021436.36543.40.camel@xenon> <1a5f1a2d0801110518i398793a9u84a4c8924f62bcde@mail.gmail.com> <20080112072307.GB25623@verio.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-pf@freebsd.org Subject: Re: Forwarding another host X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2008 12:33:42 -0000 On 1/12/08, David DeSimone wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Rodrique Heron wrote: > > > > Yep! I understand perfectly, now is there anything I can do on the pix > side > > to allow the traffic back to HOST-A ? > > This seems the wrong question to ask. > > Shouldn't you instead be wondering, how can you get the PIX to forward > connections to HOST-B instead of to HOST-A? The PIX is a full firewall > with NAT features, so it can perform the NAT instead of your BSD box, > and since it is the default gateway for return traffic, will have no > trouble applying the translation in both directions. > > I realize this is a FreeBSD mailng list, but you should go for the > simplest solution, because complex solutions tend to fail in complex > ways. You are right, I'm looking into that since I don't know much about the PIX. - -- > David DeSimone == Network Admin == fox@verio.net > "This email message is intended for the use of the person to whom > it has been sent, and may contain information that is confidential > or legally protected. If you are not the intended recipient or have > received this message in error, you are not authorized to copy, dis- > tribute, or otherwise use this message or its attachments. Please > notify the sender immediately by return e-mail and permanently delete > this message and any attachments. Verio, Inc. makes no warranty that > this email is error or virus free. Thank you." --Lawyer Bot 6000 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (GNU/Linux) > > iD8DBQFHiGrbFSrKRjX5eCoRAma/AJwJUY1t0WL7C0b1S5M+IDAvFdODTwCdGcH/ > nVtNURikbji5A9RMtPI3DoE= > =S5sQ > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > From owner-freebsd-pf@FreeBSD.ORG Fri Jan 18 01:23:02 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 230A016A46C for ; Fri, 18 Jan 2008 01:23:02 +0000 (UTC) (envelope-from m.pagulayan@auckland.ac.nz) Received: from mailhost.auckland.ac.nz (moe.its.auckland.ac.nz [130.216.12.35]) by mx1.freebsd.org (Postfix) with ESMTP id A5DD813C4E7 for ; Fri, 18 Jan 2008 01:23:01 +0000 (UTC) (envelope-from m.pagulayan@auckland.ac.nz) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id C292C4803B9 for ; Fri, 18 Jan 2008 13:57:55 +1300 (NZDT) X-Virus-Scanned: by amavisd-new at mailhost.auckland.ac.nz Received: from mailhost.auckland.ac.nz ([127.0.0.1]) by localhost (moe.its.auckland.ac.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ltd+1dzAxqhh for ; Fri, 18 Jan 2008 13:57:55 +1300 (NZDT) Received: from UXCHANGE2.UoA.auckland.ac.nz (uxcn2.itss.auckland.ac.nz [130.216.190.119]) by mailhost.auckland.ac.nz (Postfix) with ESMTP id 8EE5A480473 for ; Fri, 18 Jan 2008 13:57:55 +1300 (NZDT) Received: from UXCHANGE1.UoA.auckland.ac.nz ([130.216.190.118]) by UXCHANGE2.UoA.auckland.ac.nz with Microsoft SMTPSVC(6.0.3790.1830); Fri, 18 Jan 2008 13:57:30 +1300 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Date: Fri, 18 Jan 2008 13:57:30 +1300 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: PF Performance on FreeBSD 6.2 Release Thread-Index: AchZbRoZhNFnLtnTTJmF5tcSvCNR0w== From: "Mark Pagulayan" To: X-OriginalArrivalTime: 18 Jan 2008 00:57:30.0164 (UTC) FILETIME=[19F1BF40:01C8596D] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: PF Performance on FreeBSD 6.2 Release X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2008 01:23:02 -0000 Hi All,=20 =20 We are planning to upgrade our old Firewall ( PF) boxes which runs on OpenBSD 4.0 to run OpenBSD 4.2 because of the improvements being done on the PF.=20 =20 I tried to install OpenBSD 4.2 on our new hardware, IBM x3655 with an IBM ServeRaid 8K controller, but unfortunately OpenBSD 4.2 does not have driver support for the IBM ServeRaid 8k controller. I found by looking on the internet that FreeBSD supports IBM ServeRaid 8k.=20 =20 My question is, is the PF in the OpenBSD4.2 the same as the current PF in FreeBSD 6.2? =20 Your help would be greatly appreciated. =20 Best Regards, =20 Mark=20 From owner-freebsd-pf@FreeBSD.ORG Fri Jan 18 06:25:27 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 48E6316A420 for ; Fri, 18 Jan 2008 06:25:27 +0000 (UTC) (envelope-from artemrts@ukr.net) Received: from ffe6.ukr.net (ffe6.ukr.net [195.214.192.23]) by mx1.freebsd.org (Postfix) with ESMTP id D23C113C442 for ; Fri, 18 Jan 2008 06:25:26 +0000 (UTC) (envelope-from artemrts@ukr.net) Received: from mail by ffe6.ukr.net with local ID 1JFkO6-000KPM-S7 ; Fri, 18 Jan 2008 08:07:34 +0200 MIME-Version: 1.0 To: "Mark Pagulayan" From: "Vitaliy Vladimirovich" X-Life: is great, enjoy it! X-Mailer: freemail.ukr.net mPOP 3.4.1 X-Originating-Ip: 194.0.148.3 via proxy [194.0.148.3] In-Reply-To: X-Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322) Message-Id: Date: Fri, 18 Jan 2008 08:07:34 +0200 Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: 8bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-pf@freebsd.org Subject: Re: PF Performance on FreeBSD 6.2 Release X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2008 06:25:27 -0000 --- Original Message --- From: "Mark Pagulayan" To: Date: 18 january, 02:57:30 Subject: PF Performance on FreeBSD 6.2 Release > Hi All, > > > > We are planning to upgrade our old Firewall ( PF) boxes which runs on > OpenBSD 4.0 to run OpenBSD 4.2 because of the improvements being done > on the PF. > > > > I tried to install OpenBSD 4.2 on our new hardware, IBM x3655 with an > IBM ServeRaid 8K controller, but unfortunately OpenBSD 4.2 does not have > driver support for the IBM ServeRaid 8k controller. I found by looking > on the internet that FreeBSD supports IBM ServeRaid 8k. > > > > My question is, is the PF in the OpenBSD4.2 the same as the current PF > in FreeBSD 6.2? From FreeBSD Handbook: Warning: When browsing the pf user's guide, please keep in mind that different versions of FreeBSD contain different versions of pf. The pf firewall in FreeBSD 5.X is at the level of OpenBSD version 3.5 and in FreeBSD 6.X is at the level of OpenBSD version 3.7. Vit. From owner-freebsd-pf@FreeBSD.ORG Fri Jan 18 10:11:44 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9772B16A419 for ; Fri, 18 Jan 2008 10:11:44 +0000 (UTC) (envelope-from kirgudu@kirgudu.org) Received: from t34.kirgudu.org (t34.kirgudu.org [85.21.78.9]) by mx1.freebsd.org (Postfix) with ESMTP id 407BC13C45A for ; Fri, 18 Jan 2008 10:11:44 +0000 (UTC) (envelope-from kirgudu@kirgudu.org) Received: from [195.14.52.5] (kirgudu.corbina.net [195.14.52.5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: kirgudu@kirgudu.org) by t34.kirgudu.org (Postfix) with ESMTP id E22C21A64F; Fri, 18 Jan 2008 12:46:41 +0300 (MSK) Message-ID: <479075BB.6040205@kirgudu.org> Date: Fri, 18 Jan 2008 12:47:39 +0300 From: Dmitry Rybin User-Agent: Thunderbird 2.0.0.9 (X11/20071031) MIME-Version: 1.0 To: Vitaliy Vladimirovich References: In-Reply-To: Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: quoted-printable Cc: Mark Pagulayan , freebsd-pf@freebsd.org Subject: Re: PF Performance on FreeBSD 6.2 Release X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jan 2008 10:11:44 -0000 FreeBSD 7-PRERELEASE has pf from OpenBSD 4.1. Just compiler says. :) Vitaliy Vladimirovich wrote: > --- Original Message --- From: "Mark Pagulayan" To: Date: 18 january, 0= 2:57:30 Subject: PF Performance on FreeBSD 6.2 Release > Hi All, > > > > = We are planning to upgrade our old Firewall ( PF) boxes which runs on > O= penBSD 4.0 to run OpenBSD 4.2 because of the improvements being done > on= the PF. > > > > I tried to install OpenBSD 4.2 on our new hardware, IBM = x3655 with an > IBM ServeRaid 8K controller, but unfortunately OpenBSD 4.= 2 does not have > driver support for the IBM ServeRaid 8k controller. I f= ound by looking > on the internet that FreeBSD supports IBM ServeRaid 8k.= > > > > My question is, is the PF in the OpenBSD4.2 the same as the curr= ent PF > in FreeBSD 6.2? From FreeBSD Handbook: Warning: When browsing th= e pf user's guide, please keep in mind that different versions of FreeBSD= contain different versions of pf. The pf firewall in FreeBSD 5.X is at t= he level of OpenBSD version 3.5 and in FreeBSD 6.X is at the level of Ope= nBSD version 3.7. Vit. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > > =20 --- Dmitry Rybin