From owner-freebsd-pf@FreeBSD.ORG Sun Jan 10 04:48:39 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 08EFA10657A0 for ; Sun, 10 Jan 2010 04:48:39 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-yx0-f171.google.com (mail-yx0-f171.google.com [209.85.210.171]) by mx1.freebsd.org (Postfix) with ESMTP id B3F448FC14 for ; Sun, 10 Jan 2010 04:48:37 +0000 (UTC) Received: by yxe1 with SMTP id 1so19145652yxe.3 for ; Sat, 09 Jan 2010 20:48:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:date:from:to:cc :subject:in-reply-to:message-id:references:user-agent :x-openpgp-key-id:x-openpgp-key-fingerprint:mime-version :content-type; bh=BGLtjlr2eDLS/byWjNgoNmxSOfmcYC+NZkwukGGokZ0=; b=q9+GcbARqQw/S7gynDNO/MdmYUpTByP77Zf1e7sUZHtoGML7WuPWvtaJRvAe0BrnMQ u4RjnJYuy4q//dt+oGGLaik41UytO38PHS826Hok4+Sqc5jW6gsq3Dksk3f36vvrGvJQ I3fJxLiHriKbIPOtHdsQWqWICeTtAMP4aGD44= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:date:from:to:cc:subject:in-reply-to:message-id:references :user-agent:x-openpgp-key-id:x-openpgp-key-fingerprint:mime-version :content-type; b=QXpnvh7gfF1IUfXW8CMl1TN5cFvvT0ETPPuG9W0B15Zgbak/pG2T6Y1rmInVILRjPp 7bWBje8RGRRlRZ6QkDos6jbtumW45OJVbEcgvIiYXLgeAAe4E/wNXjGjJ1oy51CyQ09s JdQxJ4KeSXgKOskwYyAhHA0cTaxVsix9sTXEk= Received: by 10.101.4.28 with SMTP id g28mr6080661ani.192.1263098910776; Sat, 09 Jan 2010 20:48:30 -0800 (PST) Received: from ppp-21.185.dialinfree.com (ppp-21.185.dialinfree.com [209.172.21.185]) by mx.google.com with ESMTPS id 21sm477609iwn.10.2010.01.09.20.47.46 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 09 Jan 2010 20:48:29 -0800 (PST) Sender: "J. Hellenthal" Date: Sat, 9 Jan 2010 23:44:55 -0500 From: jhell To: Alex Povolotsky In-Reply-To: <4B48E927.1030706@webmail.sub.ru> Message-ID: References: <4AEC4A6F65A84D258332A61EF5980850@john> <9a542da30912110411g6d332409h9db4664b73ee1153@mail.gmail.com> <4B48E065.8070307@webmail.sub.ru> <4B48E927.1030706@webmail.sub.ru> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-OpenPGP-Key-Id: 0x89D8547E X-OpenPGP-Key-Fingerprint: 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-pf@freebsd.org Subject: Re: FW: clientNatLookup: PF open failed: (13) Permission denied X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Jan 2010 04:48:39 -0000 On Sat, 9 Jan 2010 15:37, tarkhil@ wrote: > On 01/09/10 23:00, Alex Povolotsky wrote: >> Well, what is the proper way to chgrp squid /dev/pf and chmod g+r /dev/pf >> automatically? Nothing better than rc.local or patching >> /usr/local/etc/rc.d/squid? > > Quite simple; I should figure it out at once. > > use devd.conf > > Alex. > In /etc/devfs.rules Something like: [system=10] add path 'pf' mode 0660 group pfreader And then in /etc/rc.conf Add: devfs_system_ruleset="system" These are just examples but based on what I am using for some other devices. Best of luck. -- Sat Jan 9 23:41:53 2010 jhell From owner-freebsd-pf@FreeBSD.ORG Mon Jan 11 11:07:06 2010 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3A4CF1065695 for ; Mon, 11 Jan 2010 11:07:06 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 208258FC1A for ; Mon, 11 Jan 2010 11:07:06 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o0BB763L034744 for ; Mon, 11 Jan 2010 11:07:06 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o0BB75jp034742 for freebsd-pf@FreeBSD.org; Mon, 11 Jan 2010 11:07:05 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 11 Jan 2010 11:07:05 GMT Message-Id: <201001111107.o0BB75jp034742@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jan 2010 11:07:06 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/141905 pf [pf] [panic] pf kernel panic on 7.2-RELEASE with empty o kern/140697 pf [pf] pf behaviour changes - must be documented o kern/137982 pf [pf] when pf can hit state limits, random IP failures o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/135162 pf [pfsync] pfsync(4) not usable with GENERIC kernel o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o kern/132769 pf [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent f kern/132176 pf [pf] pf stalls connection when using route-to [regress o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/129861 pf [pf] [patch] Argument names reversed in pf_table.c:_co o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127439 pf [pf] deadlock in pf f kern/127345 pf [pf] Problem with PF on FreeBSD7.0 [regression] o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/124364 pf [pf] [panic] Kernel panic with pf + bridge o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/121704 pf [pf] PF mangles loopback packets o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/114095 pf [carp] carp+pf delay with high state limit o kern/111220 pf [pf] repeatable hangs while manipulating pf tables s conf/110838 pf [pf] tagged parameter on nat not working on FreeBSD 5. o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/103281 pf pfsync reports bulk update failures o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 38 problems total. From owner-freebsd-pf@FreeBSD.ORG Wed Jan 13 11:25:09 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C70CE106568D for ; Wed, 13 Jan 2010 11:25:09 +0000 (UTC) (envelope-from gofdp-freebsd-pf@m.gmane.org) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by mx1.freebsd.org (Postfix) with ESMTP id 80C028FC19 for ; Wed, 13 Jan 2010 11:25:08 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.50) id 1NV1LV-0000oK-8X for freebsd-pf@freebsd.org; Wed, 13 Jan 2010 12:25:05 +0100 Received: from 85.173.92.192 ([85.173.92.192]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 13 Jan 2010 12:25:05 +0100 Received: from dsh by 85.173.92.192 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 13 Jan 2010 12:25:05 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-pf@freebsd.org From: Denis Shaposhnikov Date: Wed, 13 Jan 2010 14:07:22 +0300 Lines: 13 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: 85.173.92.192 User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.5) Gecko/20091219 Thunderbird/3.0 X-Enigmail-Version: 1.0 Sender: news Subject: synproxy doesn't work after upgrading to RELENG_8_0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jan 2010 11:25:09 -0000 Hello! After upgrading to RELENG_8_0 I've found next rule doesn't work: pass in quick proto tcp to port { http https } flags S/SA synproxy state but same rule without synproxy works fine: pass in quick proto tcp to port { http https } Is it some well-known problem? Something wrong with synproxy on RELENG_8? Thanks! From owner-freebsd-pf@FreeBSD.ORG Thu Jan 14 06:41:25 2010 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C1EB4106566C; Thu, 14 Jan 2010 06:41:25 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 9A28D8FC0A; Thu, 14 Jan 2010 06:41:25 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o0E6fPCS049878; Thu, 14 Jan 2010 06:41:25 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o0E6fPiH049874; Thu, 14 Jan 2010 06:41:25 GMT (envelope-from linimon) Date: Thu, 14 Jan 2010 06:41:25 GMT Message-Id: <201001140641.o0E6fPiH049874@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: conf/142817: [patch] etc/rc.d/pf: silence pfctl X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2010 06:41:25 -0000 Synopsis: [patch] etc/rc.d/pf: silence pfctl Responsible-Changed-From-To: freebsd-bugs->freebsd-pf Responsible-Changed-By: linimon Responsible-Changed-When: Thu Jan 14 06:41:14 UTC 2010 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=142817 From owner-freebsd-pf@FreeBSD.ORG Thu Jan 14 11:20:03 2010 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5B00E1065670 for ; Thu, 14 Jan 2010 11:20:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 3144A8FC1A for ; Thu, 14 Jan 2010 11:20:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o0EBK3qI012355 for ; Thu, 14 Jan 2010 11:20:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o0EBK3KQ012354; Thu, 14 Jan 2010 11:20:03 GMT (envelope-from gnats) Date: Thu, 14 Jan 2010 11:20:03 GMT Message-Id: <201001141120.o0EBK3KQ012354@freefall.freebsd.org> To: freebsd-pf@FreeBSD.org From: Artis Caune Cc: Subject: Re: conf/142817: [patch] etc/rc.d/pf: silence pfctl X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Artis Caune List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2010 11:20:03 -0000 The following reply was made to PR conf/142817; it has been noted by GNATS. From: Artis Caune To: bug-followup@FreeBSD.org, yuri.pankov@gmail.com Cc: Subject: Re: conf/142817: [patch] etc/rc.d/pf: silence pfctl Date: Thu, 14 Jan 2010 13:12:45 +0200 and maybe we can also remove ALTQ warning from pfctl? patch: http://www.nic.lv/sofq/patch-pfctl-altq.txt -- Artis Caune Everything should be made as simple as possible, but not simpler. From owner-freebsd-pf@FreeBSD.ORG Thu Jan 14 12:02:36 2010 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B9509106571C for ; Thu, 14 Jan 2010 12:02:36 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 76E578FC21 for ; Thu, 14 Jan 2010 12:02:36 +0000 (UTC) Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 9DDD919E047; Thu, 14 Jan 2010 13:02:34 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 7C51119E023; Thu, 14 Jan 2010 13:02:32 +0100 (CET) Message-ID: <4B4F07D8.4010603@quip.cz> Date: Thu, 14 Jan 2010 13:02:32 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.7) Gecko/20100104 SeaMonkey/2.0.2 MIME-Version: 1.0 To: Artis Caune References: <201001141120.o0EBK3KQ012354@freefall.freebsd.org> In-Reply-To: <201001141120.o0EBK3KQ012354@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-pf@FreeBSD.org Subject: Re: conf/142817: [patch] etc/rc.d/pf: silence pfctl X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2010 12:02:36 -0000 Artis Caune wrote: > The following reply was made to PR conf/142817; it has been noted by GNATS. > > From: Artis Caune > To: bug-followup@FreeBSD.org, yuri.pankov@gmail.com > Cc: > Subject: Re: conf/142817: [patch] etc/rc.d/pf: silence pfctl > Date: Thu, 14 Jan 2010 13:12:45 +0200 > > and maybe we can also remove ALTQ warning from pfctl? > > patch: http://www.nic.lv/sofq/patch-pfctl-altq.txt The warning can be useful in some cases, but it would be useful if can be supressed by some option (without redirecting all stderr in to /dev/null) Miroslav Lachman From owner-freebsd-pf@FreeBSD.ORG Thu Jan 14 19:15:29 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EE810106568D for ; Thu, 14 Jan 2010 19:15:28 +0000 (UTC) (envelope-from k@kevinkevin.com) Received: from mail-qy0-f174.google.com (mail-qy0-f174.google.com [209.85.221.174]) by mx1.freebsd.org (Postfix) with ESMTP id AF57C8FC14 for ; Thu, 14 Jan 2010 19:15:28 +0000 (UTC) Received: by qyk4 with SMTP id 4so11941278qyk.7 for ; Thu, 14 Jan 2010 11:15:18 -0800 (PST) Received: by 10.224.87.9 with SMTP id u9mr1250213qal.223.1263496507359; Thu, 14 Jan 2010 11:15:07 -0800 (PST) Received: from kkPC (not.enough.unixsluts.com [76.10.166.187]) by mx.google.com with ESMTPS id 8sm144350yxg.6.2010.01.14.11.15.04 (version=SSLv3 cipher=RC4-MD5); Thu, 14 Jan 2010 11:15:05 -0800 (PST) From: "kevin" To: Date: Thu, 14 Jan 2010 14:14:53 -0500 Message-ID: <010801ca954d$db567fe0$92037fa0$@com> MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcqVTdmQHn+AZUSDSVG7t80tHWFaFw== Content-Language: en-us Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: pf > round robin X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2010 19:15:29 -0000 Hello, I'm sure this topic has come up previously, however I'm just curious if FreeBSD's PF + round robin load balancing to tcp port 80 has any status checking built in. That is to say, if server1's tcp 80 is not even responsive, does PF still send traffic to it? It would be great if this was built in. If not (as I suspect), what alternatives could be had to implement some sort of status checking, while still using PF's round-robing directive? Thanks, Kevin From owner-freebsd-pf@FreeBSD.ORG Thu Jan 14 20:07:35 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F37E11065694 for ; Thu, 14 Jan 2010 20:07:34 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id B3B988FC12 for ; Thu, 14 Jan 2010 20:07:34 +0000 (UTC) Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 6117819E047; Thu, 14 Jan 2010 21:07:33 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 2880719E019; Thu, 14 Jan 2010 21:07:31 +0100 (CET) Message-ID: <4B4F7982.3070207@quip.cz> Date: Thu, 14 Jan 2010 21:07:30 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.7) Gecko/20100104 SeaMonkey/2.0.2 MIME-Version: 1.0 To: kevin References: <010801ca954d$db567fe0$92037fa0$@com> In-Reply-To: <010801ca954d$db567fe0$92037fa0$@com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-pf@freebsd.org Subject: Re: pf > round robin X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2010 20:07:35 -0000 kevin wrote: > Hello, > > I'm sure this topic has come up previously, however I'm just curious if > FreeBSD's PF + round robin load balancing to tcp port 80 has any status > checking built in. No, there is not. PF is packet filter, not swiss army knife > That is to say, if server1's tcp 80 is not even responsive, does PF still > send traffic to it? It would be great if this was built in. If not (as I > suspect), what alternatives could be had to implement some sort of status > checking, while still using PF's round-robing directive? There is net/relayd in ports (from OpenBSD project, as PF) to things like this. Miroslav Lachman From owner-freebsd-pf@FreeBSD.ORG Fri Jan 15 15:27:05 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D77E2106566C for ; Fri, 15 Jan 2010 15:27:05 +0000 (UTC) (envelope-from britneyfreek@googlemail.com) Received: from mail-pz0-f185.google.com (mail-pz0-f185.google.com [209.85.222.185]) by mx1.freebsd.org (Postfix) with ESMTP id AB6CD8FC1F for ; Fri, 15 Jan 2010 15:27:05 +0000 (UTC) Received: by pzk15 with SMTP id 15so644660pzk.3 for ; Fri, 15 Jan 2010 07:26:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=F42EdaRMsVT3b+pDB/fFTIUecQu/RQdwXA0VzIFk2qM=; b=rd6tov9CgyFoxRzx2kOiIgq6MtgoXFlfXSRABX6wum2UfPzHivRMbDpaow+nWIcDap xgjqK7HLmREeYb+JViiPR1zeGc9+qlhwc1v8pbsL+XiORb5/dXv73MspHaw8VrqNq5/F 8l6qO9HAnq6rmX6cEmMaSEBpJoj9GMNikdsUw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=O/AOSr4i8dskwt2PBd4O+htmbAd3zWueIPVvFAMyStY2N42ZpE3l6pD7dpDlvlcOXK WbrF1160tMLvl05u3cUma1ask7ABIFTqnNwtHFnJ7lOzukcg/aXh+tXtGi6E6IzZTq+p 8+yLfE/HYO6wB7uNxDnShhA6DeO2K5Lcem8VQ= MIME-Version: 1.0 Received: by 10.141.107.9 with SMTP id j9mr1806692rvm.254.1263569218672; Fri, 15 Jan 2010 07:26:58 -0800 (PST) In-Reply-To: <28745bbf0912220149o617d7e98i1e753b1ccd7ffd76@mail.gmail.com> References: <28745bbf0912211342r63f4131dnbab5f41d1260b390@mail.gmail.com> <7517921781821559764@unknownmsgid> <28745bbf0912220149o617d7e98i1e753b1ccd7ffd76@mail.gmail.com> Date: Fri, 15 Jan 2010 16:26:58 +0100 Message-ID: <2ad621ab1001150726l29167194l68978edc6e926a36@mail.gmail.com> From: britneyfreek To: Adam Egan Content-Type: text/plain; charset=UTF-8 Cc: freebsd-pf@freebsd.org Subject: Re: Ruleset causing problems with N95? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jan 2010 15:27:06 -0000 sorry for the long delay - happy new year btw ;) i still believe your problem has to do with mss/mtu sizes. i am no professional on that topic but i assume there are options to fix this - either in your pppoe client (that your router is supposed to use) or in your firewall config. i remember myself trying to optimize mss/mtu sizes once. i also used a value of 1452 and this raised problems like not completely loading web pages. i'm from germany, all german websites loaded completely but some from overseas stopped loading html/css/images occasionally. that said, you might try removing the max-mss option? or try a value of 1492? what (pppoe-)client software connects you to the internet? - b 2009/12/22 Adam Egan : > I'm not using a PPPoE client that I'm aware of... > > Phone -> Wireless -> router > > My router has UPnP enabled which I thought might have helped but it doesn't :( > > I just googled for 'n95 fix-mss' and all I got was this mail on > kernaltrap.. was surprised it appeared so fast! > > I added some tcp reassemble stuff to my ruleset to help with Vista/7's > window scaling/autotuninglevel - could this be affecting it? > > Adam > > 2009/12/22 no name : >> hello, i had a similar problem on my iphone/podtouch... try to enable >> any fix-mss option in your pppoe client (i suppose u use one) >> >> cheers, b >> >> Am 21.12.2009 um 22:42 schrieb Adam Egan : >> >>> I've recently been making an effort to get my N95 to work on my LAN. I >>> have reason to believe that for some reason, my router/ruleset is >>> inhibiting the phone's access. >>> >>> My ruleset is here: http://pastebin.com/m56dadcd8 >>> >>> basically, i cannot download files on my phone, or use the sync, >>> spotify, gmail or similar applications. When I try to download a file, >>> it seems to be listed as 2KB, and then nothing happens. I'm not sure >>> what on earth could be causing it, and I have tried playing around >>> with the rules. >>> >>> taking the router out of the equasian does fix the matter. >>> >>> add >>> _______________________________________________ >>> freebsd-pf@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >> > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >