From owner-freebsd-pf@FreeBSD.ORG Sun Jul 11 05:51:46 2010
From: Doug Hardie <bc979@lafn.org>
Date: Sat, 10 Jul 2010 22:34:16 -0700
To: freebsd-pf@freebsd.org
Subject: Interpreting Logs

I have not been able to find any real information on the contents of the logs. My logs show a number of interesting entries that I just can't find any information to explain. For example:

    loose state match

    BAD ICMP 11:0

    state reuse

    State failure on: 2 3 | 6

    State failure on: 1 | 5

    BAD state

How do you interpret these? Is there anything written on the log contents?

From owner-freebsd-pf@FreeBSD.ORG Sun Jul 11 09:17:15 2010
From: Remko Lodder <remko@elvandar.org>
Date: Sun, 11 Jul 2010 11:17:13 +0200
To: Doug Hardie
Cc: freebsd-pf@freebsd.org
Subject: Re: Interpreting Logs

On Jul 11, 2010, at 7:34 AM, Doug Hardie wrote:
> I have not been able to find any real information on the contents of the logs. My logs show a number of interesting entries that I just can't find any information to explain. For example:
>
>     loose state match
>     BAD ICMP 11:0
>     state reuse
>     State failure on: 2 3 | 6
>     State failure on: 1 | 5
>     BAD state
>
> How do you interpret these? Is there anything written on the log contents?

How do you get these messages? I have never seen them on my machines at all, so you must have been setting pfctl -x debug or something?

Thanks,
Remko

--
/"\ Best regards,             | remko@FreeBSD.org
\ / Remko Lodder              | remko@EFnet
 X  http://www.evilcoder.org/ |
/ \ ASCII Ribbon Campaign     | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Mon Jul 12 01:49:30 2010
From: Doug Hardie <bc979@lafn.org>
Date: Sun, 11 Jul 2010 18:48:59 -0700
To: Remko Lodder
Cc: freebsd-pf@freebsd.org
Subject: Re: Interpreting Logs

On 11 July 2010, at 02:17, Remko Lodder wrote:
> How do you get these messages? I have never seen them on my machines at all, so you must have been setting pfctl -x debug or something?

I believe I used pfctl -x m although it might have been u.

From owner-freebsd-pf@FreeBSD.ORG Mon Jul 12 06:12:47 2010
From: Remko Lodder <remko@elvandar.org>
Date: Mon, 12 Jul 2010 08:12:46 +0200
To: Doug Hardie
Cc: freebsd-pf@freebsd.org
Subject: Re: Interpreting Logs

> I believe I used pfctl -x m although it might have been u.

From the manual page it seems you did the 'm':

    -x urgent   Generate debug messages only for serious errors.
    -x misc     Generate debug messages for various errors.

That generates messages for various types of problems normally not instantly seen. Are you using that flag to detect traffic that is giving you problems of any kind?

If you are not using that, I'd suggest that you turn it off. The internet is a noisy place, and I am pretty sure that if I enable it the same way you do, I will get overloaded by logs as well.

Applications are not always conformant to the RFCs, which might cause bogus packets, or information gets lost in transit, causing misbehaviour. I think the firewall is just telling you: Hey, we have everything under control; we just refused a bogus packet, no worries!
It'd be more worried if the output remains silent :)

Thanks,
Remko

From owner-freebsd-pf@FreeBSD.ORG Mon Jul 12 06:20:49 2010
From: Doug Hardie <bc979@lafn.org>
Date: Sun, 11 Jul 2010 23:20:42 -0700
To: Remko Lodder
Cc: freebsd-pf@freebsd.org
Subject: Re: Interpreting Logs

I am trying to understand what pf is trying to tell me. It's generating those messages for a reason. The volume of them depends on how many rules have log in them and how often they are invoked.

On 11 July 2010, at 23:12, Remko Lodder wrote:
> If you are not using that, I'd suggest that you turn it off. The internet is a noisy place, and I am pretty sure that if I enable it the same way you do, I will get overloaded by logs as well.
>
> Applications are not always conformant to the RFCs, which might cause bogus packets, or information gets lost in transit, causing misbehaviour. I think the firewall is just telling you: Hey, we have everything under control; we just refused a bogus packet, no worries!
>
> It'd be more worried if the output remains silent :)

From owner-freebsd-pf@FreeBSD.ORG Mon Jul 12 06:52:42 2010
From: Daniel Hartmeier <dhartmei@insomnia.benzedrine.cx>
Date: Mon, 12 Jul 2010 08:52:14 +0200
To: Doug Hardie
Cc: freebsd-pf@freebsd.org
Subject: Re: Interpreting Logs

On Sun, Jul 11, 2010 at 11:20:42PM -0700, Doug Hardie wrote:
> I am trying to understand what pf is trying to tell me. It's generating those messages for a reason. The volume of them depends on how many rules have log in them and how often they are invoked.

Some explanations can be found in

    http://www.undeadly.org/cgi?action=article&sid=20060928081238

search for "BAD state" in the text.

Kind regards,
Daniel

From owner-freebsd-pf@FreeBSD.ORG Mon Jul 12 08:18:44 2010
From: Doug Hardie <bc979@lafn.org>
Date: Mon, 12 Jul 2010 01:18:33 -0700
To: Daniel Hartmeier
Cc: freebsd-pf@freebsd.org
Subject: Re: Interpreting Logs
On 11 July 2010, at 23:52, Daniel Hartmeier wrote:
> Some explanations can be found in
>
>     http://www.undeadly.org/cgi?action=article&sid=20060928081238
>
> search for "BAD state" in the text.

Thanks. That is really helpful in understanding how pf really works. I will have to dig through it in more detail. Is there anything else written on the other messages?

From owner-freebsd-pf@FreeBSD.ORG Mon Jul 12 11:07:06 2010
From: FreeBSD bugmaster <owner-bugmaster@FreeBSD.org>
Date: Mon, 12 Jul 2010 11:07:05 GMT
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp. Description
--------------------------------------------------------------------------------
o kern/148290  pf    [pf] "sticky-address" option of Packet Filter (PF) blo
o kern/148260  pf    [pf] [patch] pf rdr incompatible with dummynet
o kern/147789  pf    [pf] Firewall PF no longer drops connections by sendin
o kern/146832  pf    [pf] "(self)" not always matching all local IPv6 addre
o kern/144311  pf    [pf] [icmp] massive ICMP storm on lo0 occurs when usin
o kern/143543  pf    [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf    [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf    [pf] No way to adjust pidfile in pflogd
o conf/142817  pf    [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf    [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf    [pf] pf behaviour changes - must be documented
o kern/137982  pf    [pf] when pf can hit state limits, random IP failures
o kern/136781  pf    [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf    [pf] [gre] pf not natting gre protocol
o kern/135162  pf    [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf    [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf    [pf] max-src-conn issue
o kern/132769  pf    [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf    [pf] pf stalls connection when using route-to [regress
o conf/130381  pf    [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf    [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf    [pf] ipv6 and synproxy don't play well together
o conf/127814  pf    [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf    [pf] deadlock in pf
f kern/127345  pf    [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf    [pf] [patch] pf incorrect log priority
o kern/127042  pf    [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf    [pf] pf keep state bug while handling sessions between
s kern/124933  pf    [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf    [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf    [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf    [pf] [panic] FreeBSD 6.2 panic in pf
o kern/121704  pf    [pf] PF mangles loopback packets
o kern/120281  pf    [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf    [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf    [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf    [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf    [carp] carp+pf delay with high state limit
o kern/111220  pf    [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf    [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf    pfsync fails to sucessfully transfer some sessions
o kern/103281  pf    pfsync reports bulk update failures
o kern/93825   pf    [pf] pf reply-to doesn't work
o sparc/93530  pf    [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf    [pf] PF + ALTQ problems with latency
o bin/86635    pf    [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf    [pf] cbq scheduler cause bad latency

47 problems total.
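Returning to the Interpreting Logs thread above: the following is a small classifier for the pf debug messages Doug quoted, added here as an example and not code from the thread or from pf itself. It assumes the kernel printf()s reach syslog as "kernel: pf: ..." lines, the sample log is constructed, and the reading of the check numbers in "State failure on" follows the checks in pf_test_state_tcp() in pf.c.

```python
import re
from collections import Counter

# IPv4 ICMP type names (RFC 792) used to decode "BAD ICMP type:code".
ICMP_TYPES = {
    0: "echo reply", 3: "destination unreachable", 4: "source quench",
    5: "redirect", 8: "echo request", 11: "time exceeded",
    12: "parameter problem",
}

# Syslog framing is an assumption of this example: the kernel printf()s
# arrive as "... kernel: pf: <message>".
PF_MSG = re.compile(r"kernel: pf: (?P<body>.*)$")
BAD_ICMP = re.compile(r"^BAD ICMP (?P<type>\d+):(?P<code>\d+)")
STATE_FAILURE = re.compile(
    r"^State failure on:(?P<strict>[0-9 ]*)\|(?P<loose>[0-9 ]*)")
KEY_VALUE = re.compile(r"(\w+)=(\S+)")


def classify(line):
    """Describe one syslog line; None if it is not a pf debug message."""
    m = PF_MSG.search(line)
    if m is None:
        return None
    body = m.group("body")
    if body.startswith("loose state match"):
        return {"kind": "loose state match"}
    if body.startswith("state reuse"):
        return {"kind": "state reuse"}
    if body.startswith("BAD state"):
        # The trailing key=value fields give the offending packet (seq, ack,
        # len) and its ackskew against the state's window; pf prints the
        # matching "State failure on" line right after this one.
        return {"kind": "BAD state", "fields": dict(KEY_VALUE.findall(body))}
    sf = STATE_FAILURE.match(body)
    if sf:
        # pf prints the number of each failed check and a blank for each
        # passed one. In pf_test_state_tcp() checks 1-4 (before the pipe)
        # are the strict sequence/ack window tests; 5 and 6 (after it) are
        # the looser fallback tests that, had they passed, would have given
        # a "loose state match" instead of a drop.
        return {"kind": "State failure",
                "strict": [int(n) for n in sf.group("strict").split()],
                "loose": [int(n) for n in sf.group("loose").split()]}
    bi = BAD_ICMP.match(body)
    if bi:
        icmp_type, code = int(bi.group("type")), int(bi.group("code"))
        # 11:0 is "time exceeded in transit": an ICMP error was matched to
        # a state, but the TCP header quoted inside it carries a sequence
        # number outside that state's window.
        return {"kind": "BAD ICMP", "type": icmp_type, "code": code,
                "type_name": ICMP_TYPES.get(icmp_type, "unknown")}
    return {"kind": "other", "body": body}


def summarize(lines):
    """Count message kinds, failed check numbers and ICMP type:code pairs."""
    kinds, failed_checks, icmp = Counter(), Counter(), Counter()
    for line in lines:
        rec = classify(line)
        if rec is None:
            continue
        kinds[rec["kind"]] += 1
        if rec["kind"] == "State failure":
            failed_checks.update(rec["strict"] + rec["loose"])
        elif rec["kind"] == "BAD ICMP":
            icmp[(rec["type"], rec["code"], rec["type_name"])] += 1
    return {"kinds": kinds, "failed_checks": failed_checks, "icmp": icmp}


# Constructed sample log: the six message shapes from the thread plus one
# unrelated line; the state descriptions after "BAD state:" are abbreviated.
SAMPLE_LOG = """\
Jul 10 21:58:01 gw kernel: pf: loose state match: TCP 192.0.2.10:80 <- 198.51.100.7:51234 seq=1 (1) ack=2 len=0 ackskew=0 pkts=5:4 dir=in,fwd
Jul 10 21:58:03 gw kernel: pf: BAD ICMP 11:0 198.51.100.1 -> 192.0.2.10 state: TCP 192.0.2.10:443 -> 203.0.113.9:3344
Jul 10 21:58:07 gw kernel: pf: state reuse TCP 192.0.2.10:25 <- 203.0.113.5:40000
Jul 10 21:58:09 gw kernel: pf: BAD state: TCP 192.0.2.10:443 <- 203.0.113.9:3344 seq=300 (300) ack=100 len=20 ackskew=-70000 pkts=12:9 dir=in,fwd
Jul 10 21:58:09 gw kernel: pf: State failure on:   2 3   |   6
Jul 10 21:58:14 gw kernel: pf: BAD state: TCP 192.0.2.10:22 <- 203.0.113.77:60012 seq=900 (900) ack=50 len=0 ackskew=0 pkts=3:2 dir=in,fwd
Jul 10 21:58:14 gw kernel: pf: State failure on: 1       | 5
Jul 10 21:58:20 gw sshd[1234]: Accepted publickey for doug from 192.0.2.20 port 51000 ssh2
"""


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for kind, n in report["kinds"].most_common():
        print(f"{n:4d}  {kind}")
    print("failed checks:", dict(report["failed_checks"]))
    print("bad icmp:", dict(report["icmp"]))
```

Run it against /var/log/messages after `pfctl -x misc` to see which of the checks dominate before deciding, as Remko suggests, whether the noise is worth keeping.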
From owner-freebsd-pf@FreeBSD.ORG Sat Jul 17 21:20:12 2010
From: Vadym Chepkov <vchepkov@gmail.com>
Date: Sat, 17 Jul 2010 17:20:07 -0400
To: freebsd-pf@FreeBSD.org
Subject: tftp-proxy

Hi,

I am unsuccessful in configuring tftp-proxy to work with my phones. This is my configuration involved:

FreeBSD 7.3-RELEASE-p2

    # cat /etc/pf.conf
    wan_if="re0"
    phone_if="em0"

    set debug urgent
    set optimization normal
    set block-policy return
    set timeout { udp.first 300, udp.single 150, udp.multiple 900 }
    set limit { states 20000, frags 20000 }
    set skip on lo0

    scrub in

    nat on $wan_if from $phone_if -> $wan_if
    no nat on $wan_if to port tftp
    nat on $wan_if proto udp from $phone_if:network to any -> $wan_if static-port
    nat on $wan_if from $phone_if:network to any -> $wan_if

    rdr-anchor "tftp-proxy/*"
    rdr on $phone_if proto udp from $phone_if:network to any port tftp -> 127.0.0.1 port 6969

    anchor "tftp-proxy/*"

    # grep tftp-proxy /etc/inetd.conf
    tftp-proxy dgram udp wait root /usr/libexec/tftp-proxy tftp-proxy -w 5

    # grep tftp-proxy /etc/services
    tftp-proxy 6969/udp

    # grep inetd /etc/rc.conf
    inetd_enable="YES"
    inetd_flags="-a 127.0.0.1"

I observe in the syslog the following message:

    Jul 17 16:37:11 spider tftp-proxy[4675]: pf connection lookup failed (no rdr?)
    Jul 17 16:37:11 spider kernel: Jul 17 16:37:11 spider tftp-proxy[4675]: pf connection lookup failed (no rdr?)
    Jul 17 16:37:11 spider inetd[4665]: /usr/libexec/tftp-proxy[4675]: exited, status 1

tcpdump shows tftp reply packets are getting rejected, which I assume means tftp-proxy is not expecting replies:

    17:07:19.135743 IP spider.57874 > 204.16.177.35.tftp: 32 RRQ "SEPXXX.cnf.xml" octet
    17:07:19.167369 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
    17:07:20.596097 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
    17:07:21.596652 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
    17:07:22.597755 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
    17:07:24.142580 IP spider.58998 > 204.16.177.35.tftp: 32 RRQ "SEPXXX.cnf.xml" octet
    17:07:24.242006 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
    17:07:24.242036 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
    17:07:24.242465 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1
    17:07:25.243154 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
    17:07:25.243203 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
    17:07:25.243213 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1
    17:07:26.244089 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
    17:07:26.244121 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
    17:07:26.244281 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1
    17:07:27.245051 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
    17:07:27.245091 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
    17:07:27.245409 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1
    17:07:28.246205 IP 204.16.177.35.tftp > spider.57874: 516 DATA block 1
    17:07:28.246246 IP spider > 204.16.177.35: ICMP spider udp port 57874 unreachable, length 36
    17:07:28.246292 IP 204.16.177.35.tftp > spider.58998: 516 DATA block 1

Not sure what I did wrong. The manual page of tftp-proxy has a wrong entry for inetd.conf; it has illegal syntax for FreeBSD's inetd. Maybe some other nuance was lost during migration from OpenBSD?

Thank you,
Sincerely,
Vadym Chepkov

From owner-freebsd-pf@FreeBSD.ORG Sat Jul 17 22:04:36 2010
From: Thomas Elsgaard <thomas.elsgaard@gmail.com>
Date: Sat, 17 Jul 2010 19:41:07 -0200
To: freebsd-pf@freebsd.org
Subject: How to do PAT based on source IP network and port ?
Hi

I am wondering how I can get pf to do a PAT based on source IP network?

Traffic from 10.5.1.0/24 towards UDP port 69 should be mapped to port 20000 instead of port 69.
Traffic from 10.5.2.0/24 towards UDP port 69 should be mapped to port 20001 instead of port 69.

Traffic is accessing a service on the same server where pf is running.

Is this possible with pf?

Thomas

From owner-freebsd-pf@FreeBSD.ORG Sat Jul 17 22:10:39 2010
From: "Torsten Kersandt" <torsten@cnc-london.net>
Date: Sat, 17 Jul 2010 23:09:23 +0100
To: freebsd-pf@freebsd.org
Subject: RE: How to do PAT based on source IP network and port ?

> Hi
>
> I am wondering how I can get pf to do a PAT based on source IP network?
>
> Traffic from 10.5.1.0/24 towards UDP port 69 should be mapped to port 20000 instead of port 69.
> Traffic from 10.5.2.0/24 towards UDP port 69 should be mapped to port 20001 instead of port 69.
>
> Traffic is accessing a service on the same server where pf is running.
>
> Is this possible with pf?
>
> Thomas

Hi

I think that's an easier one:

    rdr pass on $ext_if proto udp from any to $ext_if port 20000 -> 127.0.0.1 port 69